Microsoft confirms IE zero-day behind Google attack

[Conor]

In article <hitkes$e9k$4@news.eternal-september.org>, RonB says...

> Good point. I think it's time for the kids to get Linux.

I give it a week before you get so pissed off with their whinging that
you put Windows back on.

--
Conor
www.notebooks-r-us.co.uk

I'm not prejudiced. I hate everybody equally.

 

[RonB]

On Sun, 17 Jan 2010 00:47:20 +0000, Conor wrote:

> In article <hitkes$e9k$4@news.eternal-september.org>, RonB says...
>
>> Good point. I think it's time for the kids to get Linux.
>
> I give it a week before you get so pissed off with their whinging that
> you put Windows back on.

I'll probably have to keep one XP computer set up for Windows games. But
nothing that they do on the Internet, the older ones play RuneScape and
other Flash games, can't be done on Linux. But the older kids haven't had
much trouble with malware, it's the younger ones and Cartoon Network, or
Nickelodeon (or one of those) that seems to cause the problems. That, and
the "You've got a virus" trojan that downloaded itself on my wife's
computer.

--
RonB
"There's a story there...somewhere"

 

[Frank]

RonB wrote:
> On Sat, 16 Jan 2010 16:18:23 -0800, Frank wrote:
>
>> RonB wrote:
>
>> That *is* what
>>> I did with my brother's new, upstairs computer (CentOS) and what I did
>>> when I rebuilt his kid's computer. Actually I made that one dual-boot
>>> XP and Vector Linux. XP is only used for playing games. All Internet
>>> usage is done on the Vector Linux side. I also rebuilt a fellow
>>> employee's computer for his daughter. He didn't want to worry about
>>> viruses, so requested I install Linux. That one was a Pentium 3, so I
>>> put Debian on it -- another employee put Ubuntu on his nephew's
>>> computer because he was always getting viruses with Windows XP.
>>>
>>> Good point. I think it's time for the kids to get Linux.
>> Yep! You better get with it or else find out just WTF these people are
>> web surfing!...LOL!
>
> I already know what my kids are doing -- they're running Cartoon Network,
> and other sites that have online flash games and cartoons and the constant
> "do you want to load this?" "opportunities." Since my wife's computer is
> the fastest in the house, they often mess it up and she has to reboot
> nearly daily -- not that her AOL software (which she keeps for their free
> email address) isn't enough of a pain in the ass anyhow. She likes the way
> AOL works and won't uninstall the crap, even though she can still get her
> AOL email from the website.
>
> As for my brother's kids -- they went to the same sites as my kids do.
> They no longer have a problem, though, because they use Linux.
>
> As for my fellow employee's kid, this was her first computer. She didn't
> have a problem because she started with Linux. He father didn't want to
> have to worry about viruses, however.
>
> As for his grown nephew -- he is always on "questionable" file sharing
> sites, which made my fellow employee fed up enough with having to rebuild
> the Windows computer. Hence the demand, you *will* install Linux or I'll
> quit fixing your computer. Personally, I think it would have been a better
> idea to let him destroy his computer and not fix it. But it does
> illustrate the point that malware, viruses and trojans are not a Linux
> problem.
>
Nor are they a problem for me and I have only WSE loaded and it block's
all the crap.

The way you talk, every Windows box in the world is comprised, which
simply is not true.

 

[Alias]

Conor wrote:
> In article <hitj7o$lpk$1@news.eternal-september.org>, Alias says...
>> Conor wrote:
>>> In article <hiti9k$evm$1@news.eternal-september.org>, Alias says...
>>>> Conor wrote:
>>>>> In article <7reti8F63mU1@mid.individual.net>, bbgruff says...
>>>>>> Conor wrote:
>>>>>>
>>>>>>> In article <20100116220941.3552.85403.XPN@nogodhere.net>, Enkidu says...
>>>>>>>
>>>>>>>> And yet, Linux *is* more stable than Windows. Do you know anyone who has
>>>>>>>> a Windows box running for a year without a reboot?
>>>>>>> Yep. Last time I updated the graphics drivers on Windows 7 I didn't need
>>>>>>> to reboot whereas in Linux, you'd have to recompile them every kernel
>>>>>>> update.
>>>>>> I don't that
>>>>>> suppose anybody is minded to educate this poor lad?
>>>>> Are you denying that you have to recompile or reinstall nVidia or ATI
>>>>> graphics card drivers every time you update the kernel?
>>>>>
>>>> I've updated the kernel twice with Karmic and the nVidia graphic drivers
>>>> didn't need anything done to them and they just kept on keeping on.
>>> Maybe nVidia have finally automated it then. About time.
>>>
>>> Did you need to reboot when you updated the Kernel?
>>>
>> Yes. And if nVidia comes out with a new driver, I will have reboot after
>> that.
>
> Ah, something Windows 7 appears to have got past.
>

Appears?

--
Alias

 

[Frank]

Alias wrote:
> Conor wrote:
>> In article <hitj7o$lpk$1@news.eternal-september.org>, Alias says...
>>> Conor wrote:
>>>> In article <hiti9k$evm$1@news.eternal-september.org>, Alias says...
>>>>> Conor wrote:
>>>>>> In article <7reti8F63mU1@mid.individual.net>, bbgruff says...
>>>>>>> Conor wrote:
>>>>>>>
>>>>>>>> In article <20100116220941.3552.85403.XPN@nogodhere.net>, Enkidu
>>>>>>>> says...
>>>>>>>>
>>>>>>>>> And yet, Linux *is* more stable than Windows. Do you know
>>>>>>>>> anyone who has
>>>>>>>>> a Windows box running for a year without a reboot?
>>>>>>>> Yep. Last time I updated the graphics drivers on Windows 7 I
>>>>>>>> didn't need
>>>>>>>> to reboot whereas in Linux, you'd have to recompile them every
>>>>>>>> kernel
>>>>>>>> update.
>>>>>>> I don't that
>>>>>>> suppose anybody is minded to educate this poor lad?
>>>>>> Are you denying that you have to recompile or reinstall nVidia or
>>>>>> ATI graphics card drivers every time you update the kernel?
>>>>>>
>>>>> I've updated the kernel twice with Karmic and the nVidia graphic
>>>>> drivers didn't need anything done to them and they just kept on
>>>>> keeping on.
>>>> Maybe nVidia have finally automated it then. About time.
>>>>
>>>> Did you need to reboot when you updated the Kernel?
>>>>
>>> Yes. And if nVidia comes out with a new driver, I will have reboot
>>> after that.
>>
>> Ah, something Windows 7 appears to have got past.
>>
>
> Appears?
>
FUCK!...just caught you in another lie cody ...you don't use Windows 7
or else you'd know it does not reboot when installing graphic drivers.
Big fucking OOPS!!!...LOL!

 

[Joel]

Frank <fab@scu.kma> wrote:
>RonB wrote:
>>
>> But it does
>> illustrate the point that malware, viruses and trojans are not a Linux
>> problem.
>>
>Nor are they a problem for me and I have only WSE loaded and it block's
>all the crap.


I don't use any security software at all (now with Win7, nor with XP
since SP2 came out). Windows is perfectly secure - if people don't
want to take the simplest precautions, they're gonna keep getting
malware. And if they all switched to Linux, magically there would be
more concentration on hacking/infecting it.


>The way you talk, every Windows box in the world is comprised, which
>simply is not true.


COLA is pretty well-known for people almost implying such things. And
for attacking anyone who disagrees, as if we're invading their
personal space by posting anything other than like-minded thoughts
(although RonB is not one of those people, it should be noted).

--
Joel Crump

 

[Al Smith]

Alias wrote:
> <http/www.computerworld.com/s/article/9144938/Microsoft_confirms_IE_zero_day_behind_Google_attack>
>
>
> Do you use IE? DON'T!
>


That's been excellent advice for the past several years.

-Al-

 

[Al Smith]

Conor wrote:
> In article<20100116190600.4260.6543.XPN@nogodhere.net>, Enkidu says...
>
>> Letting developers off the hook for writing shitty insecure software
>> doesn't help anyone. Granny shouldn't have to know to disable java in
>> Adobe Reader or any of a thousand other stupid holes developers have
>> left open. The developers should be liable for the damages their
>> software errors cause.
>>
> Does that include the Linux devs as well?
>
>> Would you accept it as "just life" if your car stopped working at 10,000
>> miles because the odometer buffer overflowed? Why is softeware treated
>> differently?
>
> Because a car only has 1500 or so parts, not millions. It is far more
> simpler. It also doesn't have hundreds of thousands of people
> deliberately trying to break it for personal monetary gain.
>
>
>

No, it's because software was so damned buggy and problematical in
the early days of personal computing, that if the software writers
had been held legally responsible for the damage they caused, the
software would never have been written.

-Al-

 

[Peter Köhlmann]

Joel wrote:

> Frank <fab@scu.kma> wrote:
>>RonB wrote:
>>>
>>> But it does
>>> illustrate the point that malware, viruses and trojans are not a Linux
>>> problem.
>>>
>>Nor are they a problem for me and I have only WSE loaded and it block's
>>all the crap.
>
>
> I don't use any security software at all (now with Win7, nor with XP
> since SP2 came out).

Proving beyond any doubt that "stupid" does not describe you.
You are way beyond that. "Criminally and terminally Dumb" might describe
it somewhat better

> Windows is perfectly secure - if people don't
> want to take the simplest precautions, they're gonna keep getting
> malware.

And you can get by by simply using your psychic powers. You just don't
click on those links which would lead you to a malware site, you simply
leave a site seconds before the infected ad-picture will be served.

All "precautions" every "good, psychic windows user" will employ
naturally.

Pull another one, and just don't assume that people are as stupid as you
need them to be to buy that garbage you are spouting

> And if they all switched to Linux, magically there would be
> more concentration on hacking/infecting it.

Certainly. More attempts would be made. That does not mean that they would
be successful

>
>>The way you talk, every Windows box in the world is comprised, which
>>simply is not true.
>
>
> COLA is pretty well-known for people almost implying such things.

You might try to find *any* such claim.
Your "pulling a Hadron" is noted

> And for attacking anyone who disagrees,

And here is the knock down of the strawman you just built

> as if we're invading their
> personal space by posting anything other than like-minded thoughts
> (although RonB is not one of those people, it should be noted).
>

Did it occur to you where you are posting your shite?
Did you notice "windows" anywhere in "COLA"?
--
Only two things are infinite,
the Universe and Stupidity.
And I'm not quite sure about the former.
- Albert Einstein

 

[Chris Ahlstrom]

Frank pulled this Usenet boner:

> Chris Ahlstrom wrote:
>> Frank pulled this Usenet boner:
>>
>>> Oh and I see you're cross posting to comp.os.linux.advocacy, that den of
>>> MS hate mongers.
>>
>> MS does a fine job of mongering MS hate on its own.
>>
>> http://www.groklaw.net/staticpages/index.php?page=2005010107100653
>>
>> Microsoft Litigation
>>
>> Please note that this is not a complete list, and if you have other cases
>> you'd like to have included, please let us know. You can click on the
>> email icon to email PJ. Thank you.
>>
> Thanks for proving my point, you MS hate filled linturd asshole loser.

(Are many Microsoft fans like this guy?)

--
Caution: Keep out of reach of children.

 

[Canuck57]

On 16/01/2010 34 PM, Frank wrote:
> Enkidu wrote:
>> Conor wrote:
>>
>>> In article <20100116193303.4260.49478.XPN@nogodhere.net>, Enkidu says...
>>>> Conor wrote:
>>>>
>>>>> In article <20100116190600.4260.6543.XPN@nogodhere.net>, Enkidu
>>>>> says...
>>>>>
>>>>>> Letting developers off the hook for writing shitty insecure software
>>>>>> doesn't help anyone. Granny shouldn't have to know to disable java in
>>>>>> Adobe Reader or any of a thousand other stupid holes developers have
>>>>>> left open. The developers should be liable for the damages their
>>>>>> software errors cause.
>>>>>>
>>>>> Does that include the Linux devs as well?
>>>> It's hard to get a refund for something you didn't pay for in the first
>>>> place.
>>> And? That doesn't excuse it. It is even less excusable considering
>>> that open source is supposed to have everyone able to look at the code.
>>
>> And yet, Linux *is* more stable than Windows.
>
> *BULLSHIT*, it isn't. Maybe you need to go to a real linux help forum to
> get the truth and I don't mean that den of MS hatred, the linux advocacy
> ng where you'll find the assholes losers of Earth posting.
>
> Do you know anyone who has
>> a Windows box running for a year without a reboot?
>
> So what does re-booting have to do with stability?
> Also if you're running linux for a year without re-booting then your
> kernel and software is most likely out of date.
> Oops!

I have ran linux under load uninterupted for 4.25 years without a reboot
and no appliciation down time.

It only had to be rebooted as the UPS batteries melted and needed
replacing. In the servers previous deployment it ran NT but they
couldn't get it running as stable so it was a hand me down.

It was a private gateway with DNS, squid, FTP forwarding and firewall.
Cron cleaned the cache and restarted squid each week. Management forgot
that it existed until the UPS went down.

Fedora 6.1 or something.

It isn't MS hatred, although I could see why you could argue that.
After years of 2am calls for what is a MS problem some people do get
bitter. I think it is the zealot fascism that irks us the most.

Many of us have a brain that can expand beyond heil MS, and use the
right tools for the right job. To a MS zealot like yourself you feel a
Microsoft hammer fixes everything.

 

[Alias]

Enkidu wrote:
> Frank wrote:
>
>>> MS does a fine job of mongering MS hate on its own.
>>>
>>> http://www.groklaw.net/staticpages/index.php?page=2005010107100653
>>>
>>> Microsoft Litigation
>>>
>>> Please note that this is not a complete list, and if you have other cases
>>> you'd like to have included, please let us know. You can click on the
>>> email icon to email PJ. Thank you.
>>>
>> Thanks for proving my point, you MS hate filled linturd asshole loser.
>
> You had a point? What was it?
>

The only points that Frank ever makes are lies, insults, animal sex
fantasies and bluster. He also laughs at his own lame jokes.

--
Alias

 

[Alias]

Chris Ahlstrom wrote:
> Frank pulled this Usenet boner:
>
>> Chris Ahlstrom wrote:
>>> Frank pulled this Usenet boner:
>>>
>>>> Oh and I see you're cross posting to comp.os.linux.advocacy, that den of
>>>> MS hate mongers.
>>> MS does a fine job of mongering MS hate on its own.
>>>
>>> http://www.groklaw.net/staticpages/index.php?page=2005010107100653
>>>
>>> Microsoft Litigation
>>>
>>> Please note that this is not a complete list, and if you have other cases
>>> you'd like to have included, please let us know. You can click on the
>>> email icon to email PJ. Thank you.
>>>
>> Thanks for proving my point, you MS hate filled linturd asshole loser.
>
> (Are many Microsoft fans like this guy?)
>

No, Frank is unique. Not many people are as clueless and disgusting as
Frank.

--
Alias

 

[Alias]

Kerry Brown wrote:
> The code used in the attack is only effective against IE6 and possibly
> IE7 and 8 on computers running XP SP2 or older OS's. It's also possible
> that if someone deliberately relaxed the security way beyond what would
> be considered normal that newer OS's with newer versions of IE may be
> affected.
>
> http://blogs.zdnet.com/Bott/?p=1645
>
> I'd say the message here is to keep things up to date and don't relax
> security in the name of convenience. You'd have to be a couple years
> behind on updates or an idiot to be affected by this. It's mind boggling
> that the companies that got hacked are that mindless about updates. The
> story that's slowly emerging is that there were probably several
> different methods used to penetrate their security.
>

Wrong. IE8 is also affected as is Windows 6.1, er 7:

http://news.bbc.co.uk/2/hi/technology/8463516.stm

From the article:

"Graham Cluley of anti-virus firm Sophos, told BBC News that not only
did the warning apply to 6, 7 and 8 of the browser, but the instructions
on how to exploit the flaw had been posted on the internet."

--
Alias

 

[Ezekiel]

"Canuck57" <Canuck57@nospam.com> wrote in message
news:4SE4n.8003$nR4.6713@newsfe01.iad...
> On 16/01/2010 34 PM, Frank wrote:
>> Enkidu wrote:

>>
>> Do you know anyone who has
>>> a Windows box running for a year without a reboot?
>>
>> So what does re-booting have to do with stability?
>> Also if you're running linux for a year without re-booting then your
>> kernel and software is most likely out of date.
>> Oops!
>
> I have ran linux under load uninterupted for 4.25 years without a reboot
> and no appliciation down time.
>
> It only had to be rebooted as the UPS batteries melted and needed
> replacing. In the servers previous deployment it ran NT but they couldn't
> get it running as stable so it was a hand me down.
>
> It was a private gateway with DNS, squid, FTP forwarding and firewall.
> Cron cleaned the cache and restarted squid each week. Management forgot
> that it existed until the UPS went down.

Congratulations on doing such a piss-poor job maintaining your servers.
Obvioiusly to you it's much more important at work to get a 4.25 year uptime
than it is to actually apply all of the important and critical security
patches that were released over that 4 year period. After all, why bother
keeping the work network secure.

 

[Death]

Ezekiel wrote:

>
> "Canuck57" <Canuck57@nospam.com> wrote in message
> news:4SE4n.8003$nR4.6713@newsfe01.iad...
>> On 16/01/2010 34 PM, Frank wrote:
>>> Enkidu wrote:
>
>>>
>>> Do you know anyone who has
>>>> a Windows box running for a year without a reboot?
>>>
>>> So what does re-booting have to do with stability?
>>> Also if you're running linux for a year without re-booting then your
>>> kernel and software is most likely out of date.
>>> Oops!
>>
>> I have ran linux under load uninterupted for 4.25 years without a reboot
>> and no appliciation down time.
>>
>> It only had to be rebooted as the UPS batteries melted and needed
>> replacing. In the servers previous deployment it ran NT but they couldn't
>> get it running as stable so it was a hand me down.
>>
>> It was a private gateway with DNS, squid, FTP forwarding and firewall.
>> Cron cleaned the cache and restarted squid each week. Management forgot
>> that it existed until the UPS went down.
>
> Congratulations on doing such a piss-poor job maintaining your servers.
> Obvioiusly to you it's much more important at work to get a 4.25 year uptime
> than it is to actually apply all of the important and critical security
> patches that were released over that 4 year period. After all, why bother
> keeping the work network secure.
>

Maybe he works @ Google.
--

Vita brevis breviter in brevi finietur,
Mors venit velociter quae neminem veretur.

 

[Ezekiel]

"Death" <death@rottingcorpses.x-x> wrote in message
news:4b533fd1$1@news.x-privat.org...
> Ezekiel wrote:
>
>>
>> "Canuck57" <Canuck57@nospam.com> wrote in message
>> news:4SE4n.8003$nR4.6713@newsfe01.iad...
>>> On 16/01/2010 34 PM, Frank wrote:
>>>> Enkidu wrote:
>>
>>>>
>>>> Do you know anyone who has
>>>>> a Windows box running for a year without a reboot?
>>>>
>>>> So what does re-booting have to do with stability?
>>>> Also if you're running linux for a year without re-booting then your
>>>> kernel and software is most likely out of date.
>>>> Oops!
>>>
>>> I have ran linux under load uninterupted for 4.25 years without a reboot
>>> and no appliciation down time.
>>>
>>> It only had to be rebooted as the UPS batteries melted and needed
>>> replacing. In the servers previous deployment it ran NT but they
>>> couldn't
>>> get it running as stable so it was a hand me down.
>>>
>>> It was a private gateway with DNS, squid, FTP forwarding and firewall.
>>> Cron cleaned the cache and restarted squid each week. Management forgot
>>> that it existed until the UPS went down.
>>
>> Congratulations on doing such a piss-poor job maintaining your servers.
>> Obvioiusly to you it's much more important at work to get a 4.25 year
>> uptime
>> than it is to actually apply all of the important and critical security
>> patches that were released over that 4 year period. After all, why
>> bother
>> keeping the work network secure.
>>
>
> Maybe he works @ Google.

If this ever happend at ${EMPLOYER} he would be someone that once worked
here at one time.

 

[Kerry Brown]

"Alias" <Alias@nospam.com.invalid> wrote in message
news:hivela$hhf$6@news.eternal-september.org...
> Kerry Brown wrote:
>> The code used in the attack is only effective against IE6 and possibly
>> IE7 and 8 on computers running XP SP2 or older OS's. It's also possible
>> that if someone deliberately relaxed the security way beyond what would
>> be considered normal that newer OS's with newer versions of IE may be
>> affected.
>>
>> http://blogs.zdnet.com/Bott/?p=1645
>>
>> I'd say the message here is to keep things up to date and don't relax
>> security in the name of convenience. You'd have to be a couple years
>> behind on updates or an idiot to be affected by this. It's mind boggling
>> that the companies that got hacked are that mindless about updates. The
>> story that's slowly emerging is that there were probably several
>> different methods used to penetrate their security.
>>
>
> Wrong. IE8 is also affected as is Windows 6.1, er 7:
>
> http://news.bbc.co.uk/2/hi/technology/8463516.stm
>
> From the article:
>
> "Graham Cluley of anti-virus firm Sophos, told BBC News that not only did
> the warning apply to 6, 7 and 8 of the browser, but the instructions on
> how to exploit the flaw had been posted on the internet."
>
> --
> Alias

You'll have to go over all the news items and blogs again then reread my
post. All versions of IE are vulnerable if you change some of the security
settings from the default. Any program may become vulnerable if you
purposely relax security.

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/

 

[Alias]

Kerry Brown wrote:
>
> "Alias" <Alias@nospam.com.invalid> wrote in message
> news:hivela$hhf$6@news.eternal-september.org...
>> Kerry Brown wrote:
>>> The code used in the attack is only effective against IE6 and
>>> possibly IE7 and 8 on computers running XP SP2 or older OS's. It's
>>> also possible that if someone deliberately relaxed the security way
>>> beyond what would be considered normal that newer OS's with newer
>>> versions of IE may be affected.
>>>
>>> http://blogs.zdnet.com/Bott/?p=1645
>>>
>>> I'd say the message here is to keep things up to date and don't relax
>>> security in the name of convenience. You'd have to be a couple years
>>> behind on updates or an idiot to be affected by this. It's mind
>>> boggling that the companies that got hacked are that mindless about
>>> updates. The story that's slowly emerging is that there were probably
>>> several different methods used to penetrate their security.
>>>
>>
>> Wrong. IE8 is also affected as is Windows 6.1, er 7:
>>
>> http://news.bbc.co.uk/2/hi/technology/8463516.stm
>>
>> From the article:
>>
>> "Graham Cluley of anti-virus firm Sophos, told BBC News that not only
>> did the warning apply to 6, 7 and 8 of the browser, but the
>> instructions on how to exploit the flaw had been posted on the internet."
>>
>> --
>> Alias
>
> You'll have to go over all the news items and blogs again then reread my
> post. All versions of IE are vulnerable if you change some of the
> security settings from the default. Any program may become vulnerable if
> you purposely relax security.
>

As I don't use Internet Explorer, I don't have to do anything. I don't
even use Windows to surf the Net. That said, raising the Internet
security in IE to high will disable the ability to surf to many web
sites. The default settings of IE8 are NOT recommended by anyone,
including Microsoft.

Sooooooooo, it's time for YOU to apologize to me and to all the readers
you've mislead with this post as an "MVP".

--
Alias

 

[Peter Köhlmann]

Alias wrote:

> Chris Ahlstrom wrote:
>> Frank pulled this Usenet boner:
>>
>>> Chris Ahlstrom wrote:
>>>> Frank pulled this Usenet boner:
>>>>
>>>>> Oh and I see you're cross posting to comp.os.linux.advocacy, that
>>>>> den of MS hate mongers.
>>>> MS does a fine job of mongering MS hate on its own.
>>>>
>>>> http://www.groklaw.net/staticpages/index.php?page=2005010107100653
>>>>
>>>> Microsoft Litigation
>>>>
>>>> Please note that this is not a complete list, and if you have
>>>> other cases you'd like to have included, please let us know. You
>>>> can click on the email icon to email PJ. Thank you.
>>>>
>>> Thanks for proving my point, you MS hate filled linturd asshole loser.
>>
>> (Are many Microsoft fans like this guy?)
>>
>
> No, Frank is unique. Not many people are as clueless and disgusting as
> Frank.
>

Well, DumbFullShit may apply, because he is truly dumb and also a
disgusting racist (a trait shared by many windows users, obviously). And
Hadron Snot Quark, perhaps, for the same reasons. "The Bee" certainly, as
he is the only one in COLA about as stupid as "Frank"
--
I refuse to have a battle of wits with an unarmed person.