Just when Microsoftians had begun to hope that Vista was the answer to their security problems, it turns out there’s a flaw dating back 8 years, and which Microsoft reassured it had long since fixed, lurking in the woodshed.

Link to The Register

excerpt:

Microsoft on the hunt for ‘serious’ Windows flaw
Microsoft bug squashers are investigating reports of a serious security vulnerability in Windows operating systems that could allow attackers to take control of vast numbers of machines, particularly those located off US shores.
A Microsoft spokesman had only minimal details about the investigation, which was prompted by a presentation last week by researcher Beau Butler at the Kiwicon security conference in New Zealand. According to this report in the Sydney Morning Herald, the flaw affects every version of Windows including Vista and is actually the continuation of an old vulnerability that Microsoft supposedly fixed years ago.

I’m really amazed of the industry still embracing MS operating systems. Such inertia is just astonishing. 

It means more Mac sales.

Best thread title ever.

As far as I can tell, it’s unlikely to affect most home/small business customers, and it may be difficult to perpetrate anonymously. But nevertheless it’s a big one. How like MS to fix a bug, but only for .com domains.

I love how Tommo blows off similar security vulernabilites reported for OS X, but immediatly jumps on to the lastest Windows vulnerability alert with all the zeal of a televangelist, telling the faithful of the woes of the followers of Satan, so you can go out and spread the word of Mac.

Let me take Tommo’s typical response to OS X vulnerabilities and apply it to this Windows vulnerability.
1. Affects versions of Windows with IE 5.0 and higher that use Web Proxy Auto-Discovery
2. You have to turn on Web Proxy Auto-Discovery
3. The 3rd level of your domain has to have a two part identifier; “.co.uk” if your domain has a one part identifier “.com” it doesn’t go outside your domain.
4. Your domain has to not already have a WPAD script setup.

So, not only does this vulnerability require user intervention to setup, it also requires that your domain not already have a wpad script setup in it’s domain to begin with, and that your domain have a two or more part identifier that another party could take advantage of by registering it as their website; eg “wpad.co.uk”

daemon,

You may have noticed this is an Apple board, not a Windows apologist board. Sorry if you ended up in the wrong place. Exits are located in front of you, to your left, right and at the rear.

/proud to “spread the word of Mac”

[quote author=“Tommo_UK”]daemon,

You may have noticed this is an Apple board, not a Windows apologist board. Sorry if you ended up in the wrong place. Exits are located in front of you, to your left, right and at the rear.

/proud to “spread the word of Mac”

Yet you feel no need to discuss Apple. Instead you discuss Microsoft, I find this ironic.

[quote author=“daemon”][quote author=“Tommo_UK”]daemon,
You may have noticed this is an Apple board, not a Windows apologist board. Sorry if you ended up in the wrong place. Exits are located in front of you, to your left, right and at the rear.
/proud to “spread the word of Mac”

Yet you feel no need to discuss Apple. Instead you discuss Microsoft, I find this ironic.

daemon, I’ve written about 20,000 posts about Apple. Now get back to your cave before your sense of irony overwhelms you.

[quote author=“Tommo_UK”][quote author=“daemon”][quote author=“Tommo_UK”]daemon,
You may have noticed this is an Apple board, not a Windows apologist board. Sorry if you ended up in the wrong place. Exits are located in front of you, to your left, right and at the rear.
/proud to “spread the word of Mac”

Yet you feel no need to discuss Apple. Instead you discuss Microsoft, I find this ironic.

daemon, I’ve written about 20,000 posts about Apple. Now get back to your cave before your sense of irony overwhelms you.

I’ve read alot of your posts, most of them weren’t about Apple.

tommo, no need to get excited

Oh boy, ring side seats to the ultimate smack down.   

d

Tommo isn’t the only one—read the comments to the article he cited. Most of them appear to be written by “televangelists” too.

...or perhaps they’re just realists and not daemon-izers…

(BTW, Mac OS X has no “similar security vulernabilites [ sic ].” Apple wouldn’t do anything that stupid.)

[quote author=“deasys”]
(BTW, Mac OS X has no “similar security vulernabilites [ sic ].” Apple wouldn’t do anything that stupid.)

You mean the QuickTime Vulnerability that allowed execution of code on any machine doesn’t count?

Knock yourselves out Tweedledum and Tweedledee

Too smug for his own good Tommo. Those who know, don’t come here for FUD but for info, I get mine here. Yahoo and all the other FUD sites give plenty of negative BS. You did right telling the bugger to piss off (Apologies to tender eyes)