
MS code leaked - first exploit released

OMGWTFBBQ

brobe
A few days ago some MS source code from Win2k and WinNT 4 was released.

Now we have an exploit for it.

Basically if you haven't upgraded past IE 5, then you should do so now. It is a buffer overflow exploit using specially created bitmaps.

http://www.securitytracker.com/alerts/2004/Feb/1009067.html


Incidentally, this shit doesn't happen in open source since a ton of people have already gone through and found the exploits, and fixed them.

Whee doggie.
 
I think it's a GREAT thing that it got leaked.


This will force MS to fix this shit... although I like their OS... they do need to fix some of the security issues.


Kudos to whoever leaked that shit to the public.
 
netscape
 
OMGWTFBBQ said:

Incidentally, this shit doesn't happen in open source since a ton of people have already gone through and found the exploits, and fixed them.


No. Never. :rolleyes:
 
Re: Re: MS code leaked - first exploit released

jh1 said:


No. Never. :rolleyes:

:)

Name one time that an open source browser has had an exploit released to the public?
They all get killed before the product is released due to mass scrutiny.

There is geek cred to be found in finding holes - people get way into that shit.
If you make your code open in the first place, then shit gets stopped.

There are plenty of apps that aren't open enough in the open source world that have issues - for instance the writer kept it close and didn't want to share - but then once the project got too big for one person, opened it up.
Then they find tons of holes in it nearly always.

In the end - Milo is right on - open source is good because other people do the work for you.
 
I can't name an open source browser.... but that is not what it is about.

The well known debate is 'Open Source' (ala Unix world) vs. Closed Source (ala Microsoft) in the world of security. We obviously both know the arguments on both sides... so there is no need to reiterate what they are to posture for each other.

Although fewer exploits are found in Open Source on a day to day basis, they do exist, they are discovered and exploits are written. No need for me to prove it because any fool can go to BugTraq and do their own searches.

Microsoft has their own issues - they think by keeping everything a secret - no one will ever know and will never be able to find the exploits - not to mention they want to protect their property. But in reality they have been proven wrong as well. Without the code exploits are found anyway...

They even tried to keep the exploits private for awhile - they know it doesn't work. They just don't know what to do.
 
Well one of their hopes is that they will beat hackers to the punch and fix it before it's discovered.. sometimes it works and sometimes it doesn't.


It's just too bad that MS doesn't realize how much better their OS could be if they released the code.

If anyone blatantly ripped it they could still sue just like they can now.

It's 50 million+ lines of code... it would take an army of engineers to decipher and do anything useful with it.

Peer review is ALWAYS your best bet if you believe in your product... it's one of the biggest reasons why nothing is taken seriously in science until it's gone through peer review.

MS has a great product... but it does have A LOT of room for improvement. Thousands of brilliant people have put a lot of their lives into MS's products... MS should have a little faith... open their code and let the community make it better.


I have a strong feeling that once people take a look at it (amateur and professional programmers) they will see that it's great code that can be made even better.
 
The post below was brought to your courtesy of MS Hobgoblin, for all your trolling needs; look to MS Hobgoblin.

Milo Hobgoblin said:
Well one of their hopes is that they will beat hackers to the punch and fix it before it's discovered.. sometimes it works and sometimes it doesn't.


It's just too bad that MS doesn't realize how much better their OS could be if they released the code.

If anyone blatantly ripped it they could still sue just like they can now.

It's 50 million+ lines of code... it would take an army of engineers to decipher and do anything useful with it.

Peer review is ALWAYS your best bet if you believe in your product... it's one of the biggest reasons why nothing is taken seriously in science until it's gone through peer review.

MS has a great product... but it does have A LOT of room for improvement. Thousands of brilliant people have put a lot of their lives into MS's products... MS should have a little faith... open their code and let the community make it better.


I have a strong feeling that once people take a look at it (amateur and professional programmers) they will see that it's great code that can be made even better.
 
sorry... I guess I just don't think it's as bad as you guys do.

I completely agree with you about the open source thing..

I just can't bring myself to hate something I work with every day and don't have many problems with.

just an opinion... I'm not a professional coder... you guys are... maybe you can take a look at the source code and tell us what you really think.
 
What this post said:

OMGWTFBBQ said:
A few days ago some MS source code from Win2k and WinNT 4 was released.

Now we have an exploit for it.

Basically if you haven't upgraded past IE 5, then you should do so now. It is a buffer overflow exploit using specially created bitmaps.

http://www.securitytracker.com/alerts/2004/Feb/1009067.html


Incidentally, this shit doesn't happen in open source since a ton of people have already gone through and found the exploits, and fixed them.

Whee doggie.

What it looked like to me:

"Bla bla bla, bla bla bla. Bla bla bla blabla bla bla blablabla. Bla bla bla. Bla bla bla, bla bla bla. Bla bla bla blabla bla bla blablabla. Bla bla blabla. Bla bla bla, bla bla bla. Bla bla bla blabla bla bla blablabla. Bla bla bla

www.blablabla/blabla.orghttp://


Bla bla bla, bla bla bla. Bla bla bla blabla bla bla blablabla. Bla bla bla.

Whee doggie."
 
I have personally seen and had to work with the MS_GINA and let me tell you, their code sucks in a way that cannot be described.

Well, the gina code sucks really really really bad. It's bigger than it needs to be and makes calls that do not need to be made.

Milo Hobgoblin said:
sorry... I guess I just don't think it's as bad as you guys do.

I completely agree with you about the open source thing..

I just can't bring myself to hate something I work with every day and don't have many problems with.

just an opinion... I'm not a professional coder... you guys are... maybe you can take a look at the source code and tell us what you really think.
 
okay maybe this is a noob question... but what is MS_Gina??


and considering the stringent hiring standards MS has (they are fucking ridiculous) why do you think it's like this?
 
The gina handles authentication.
It's the little login screen thingy when you hit ctrl+alt+del.

The hiring standards are tough. But getting fired from there is hard. I have a friend who literally wrote NO code for a year, didn't do ANYTHING before getting moved to a lesser position. He quit.

Milo Hobgoblin said:
okay maybe this is a noob question... but what is MS_Gina??


and considering the stringent hiring standards MS has (they are fucking ridiculous) why do you think it's like this?
 