__/ [ Peter Köhlmann ] on Friday 25 May 2007 13:16 \__
> [H]omer wrote:
>
>> Verily I say unto thee, that Roy Schestowitz spake thusly:
>>
>>> Microsoft investigates new Office zero-day flaw
>>
>> I don't know who coined the phrase "zero-day flaw", but AFAICT it's
>> nonsense.
>>
>> The term "zero-day" refers to an *exploit* or *warez* released on the
>> *same day* as an official software release.
>
> Not necessarily. It is also used as a moniker for exploits for bugs which
> are either just discovered or which are not even "officially" known.
> Lots of the windows malware is of that type, and MS with their
> idiotic "patch-day" leaves weeks or even month open for the malware to do
> its deeds
>
> < snip >
Update:
http://scmagazine.com/us/news/article/659817/month-activex-bugs-project-reveals-office-2000-flaw/
"MoAxB has now revealed 24 ActiveX flaws during the month of May. The latest
of a growing list of "month of X bugs" projects, MoAxB has faced now-routine
criticism from vendors and researchers that it has trampled on responsible
disclosure practices."
Ooh la la!
Better get to work, Microsoft. When pointless lockins bite developers in the
arse...
--
~~ Best regards
Roy S. Schestowitz | Open syntax, Open API's, Open standards
http://Schestowitz.com | Free as in Free Beer ¦ PGP-Key: 0x74572E8E
Cpu(s): 23.7% user, 4.6% system, 0.6% nice, 71.1% idle
http://iuron.com - semantic engine to gather information
|
|