__/ [PeteM] on Monday 31 October 2005 20:15 \__
> Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> posted
>>__/ [PeteM] on Monday 31 October 2005 10:36 \__
>>
>>> Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> posted
>>>>Microsoft have admittedly released a flawed operating system. That
>>>>operating system can be trivially hijacked due to a critical loophole
>>>>and then be converted into what is commonly called a 'zombie'.
>>>
>>> Which particular OS version and exploit are you thinking of?
>>
>>See below:
>>
>>http://www.eweek.com/article2/0,1895,1879102,00.asp
>>
>
> When I tried to view this article, it produced an alert box inviting me
> to fill in a survey form. When I clicked the "Cancel" button, the
> article text was deleted from my screen. Wonderful.
>
> Eventually I managed to reload the page, but it turned out I couldn't
> understand a single sentence of the article. For example "The original
> patch was meant to address a denial-of-service flaw on CSRSS
> (Client/Server Runtime Server Subsystem), the user-mode part of the
> Win32 subsystem." You what?
>
> If this is how people who are trying to *improve* software reliability
> design their websites, then God help us.
Notice the suffix in the Web address. It is ASP, which is Microsoft's attempt
to embrace, extend and extinguish Apache (/Linux) servers, as well as PHP,
CGI and the like.
I have always complained about downtime, reliability (or lack of it) and
speed of Microsoft-powered sites. For this very same reason, I am always
reluctant to cite them. Any respectable governmental site runs on Linux or
Solaris and does not suffer from these problems. One thing they are not
immune to however: DoS attacks that are carried out by armies of hijacked
Windows boxes.
...checking my logs again and no signs of abatement... over 1,000 attacks
yesterday... going strong for over 3 weeks now...
...hopeless... *sigh*
Roy
|
|
