Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

[News] [Rival] New ActiveX Headaches for Windows Users

  • Subject: [News] [Rival] New ActiveX Headaches for Windows Users
  • From: Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>
  • Date: Tue, 04 Sep 2007 13:59:15 +0100
  • Newsgroups: comp.os.linux.advocacy
  • Organization: Netscape / schestowitz.com
  • User-agent: KNode/0.10.4
Yahoo! battered by second ActiveX vulnerability

,----[ Quote ]
| The vulnerabilities affect versions of Yahoo! Messenger 8.x prior to version 
|, released late last week. Users are urged to upgrade. 



Way Too ActiveX

,----[ Quote ]
| Today, over at Symantec's Security Response Weblog, Greg Ahmad
| reveals startling--and I do mean shocking--increases in ActiveX
| vulnerabilities. According to Symantec, ActiveX vulnerabilities
| stayed in the 12- to- 15-a-year range from 2002 to 2005. For
| 2006, the number of vulnerabilities "reached 50," with 42 in
| the second half of the year--coincidentally, the same time
| period Microsoft finished up and released Internet Explorer 7.


Acer puts Active X hole on laptops 

,----[ Quote ]
| Laptop outfit Acer seems to have placed an Active X control on its
| computers that seems to allow webpages to execute any program.
| This huge hole in network security has been installed on board Acer
| lap-tops since 1998.


Adobe Confirms 'Critical' Reader, Acrobat Exploits With IE

,----[ Quote ]
| A critical security vulnerability in an ActiveX control used by
| Internet Explorer could allow malicious hackers to use Adobe's
| Reader and Acrobat software to launch PC hijack attacks,
| according to a warning from Adobe Systems.


Month of ActiveX bugs project begins with two Office flaws

,----[ Quote ]
| A hacker known as shinnai kicked off his "Month of ActiveX Bugs"
| (MoAxB) project with a bang by exposing a number of severe
| vulnerabilities affecting OCX controls in Microsoft Office.


Microsoft users sticking with third-party security vendors

,----[ Quote ]
| "Security vendors have a valid concern, as Microsoft is known as a
| convicted monopolist," said John Bambenek, a Champaign, Ill.-based
| security professional who volunteers as a handler at the Bethesda,
| Md.-based SANS Internet Storm Center (ISC).


McAfee: Microsoft completely unrealistic on Vista

,----[ Quote ]
| Windows Vista does not ship with antivirus software installed and active,
| but for the first time Microsoft will be promoting their own antivirus
| service in Windows OneCare. Alex Eckelberry, CEO of Sunbelt Software,
| has already called Microsoft's plans predatory based on pricing. McAfee
| is focusing its critique on operating system design, arguing instead that
| Microsoft's decisions with Vista will simply make the operating system
| less secure.
| In the advertisement, McAfee CEO George Samunek is quoted as saying,
| "Microsoft is being completely unrealistic if, by locking security
| companies out of the kernel, it thinks hackers won't crack Vista's kernel.
| In fact, they already have." The advert continues: "With its upcoming
| Vista operating system, Microsoft is embracing the flawed logic that
| computers will be more secure if it stops co-operating with the
| independent security firms."


Vista still vulnerable

,----[ Quote ]
| Vulnerabilities in Windows Vista will plague users in coming months
| and years, a prominent security researcher warns, despite its
| security improvements over predecessor XP.


Digital Criminals

,----[ Quote ]
| My concern is that Microsoft says it does all sorts of great
| things to protect its code but doesn't like to tell anyone what
| it is. And it's not willing to compare best practices. Other
| people have developed a whole list of things of what companies
| should do to protect their code. And Microsoft is not telling
| them what they do.


Vista security overview: too little too late

,----[ Quote ]
| So, what have we got here? An adequately secure version of Windows,
| finally? I think not. We have got, instead, a slightly more secure
| version than XP SP2. There are good features, and there are good
| ideas, but they've been implemented badly. The old problems never
| go away: too many networking services enabled by default; too
| many owners running their boxes as admins and downloading every
| bit of malware they can get their hands on. But MS has, in a
| sense, shifted the responsibility onto users: it has addressed
| numerous issues where too much was going on automatically and
| with too many privileges. But this simply means that the ownerw
| ill be the one making a mess of their Windows box.
| Data hygiene is still an absolute disaster on Windows. In fact,
| it's worse than it ever was in some ways, and that's very bad
| indeed. Browser traces still in the registry, heavy and
| complicated indexing to improve search, new locations where data
| is being stored. It all adds up to a privacy nightmare. Keeping
| a Vista box "clean" is going to be impossible for all but the
| most knowledgeable and fastidious users.
| So don't rush out to buy Vista in hopes of getting much in
| return security-wise. I do like some of the changes, at least
| in theory, or as a decent platform on which to build an
| adequately secure version of Windows one day. But that day,
| if it ever comes, will be well in the future. 


Symantec: Microsoft conflict of interest is damaging internet

,----[ Quote ]
| Symantec's chief executive has lambasted Microsoft for a dangerous
| conflict of interest as both the provider of an operating system
| and seller of software designed to secure its users.
| [...]
| Thompson told RSA delegates: "You wouldn't want the company that is
| keeping your books to audit your books. The same logic should apply.
| You wouldn't want the company that created your company's operating
| platform to be the one that is securing it from a broad range of
| threats. It's a huge conflict of interest."


[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index