Q: What do you call a collection of killbits?
re: "several hundred" killbits included in IE 8 running on Vista.
A: A clear case of killbill.
Researchers may have figured out how to bypass a common technique Microsoft and other software makers have used to fix hundreds of security vulnerabilities over the past decade, according to a brief video previewing a talk scheduled for later this week at the Black Hat security conference. The video, posted here by security …
There were quite a few bugs in killbit implementation/design:
e.g. http://www.securityfocus.com/bid/16409
It seems that the whole killbit philosophy is broken, and very deeply for that matter
Told MS back in April there was a security issue with this as I had just found I had a certain ActiveX running despite the KillBit being set... (but for me it was a good thing... I need that ActiveX).
I just hope they *don't* find a way to disable properly an ActiveX they didn't replace properly with a secure version or I'd be stuffed.
Seems to be the mentality - instead of actually fixing the problem, write code to work "around" the bug. Then write more code to work around the problems in the code which goes around the bug. Rinse, repeat.
Which is why a fresh install needs about 8 to 10 rounds of updates. An update should only need to be done once on a new install and then be completely up to date at that time.
"Sloppy coding ethics"
So no change there then and the main reason why the Joe Public is slowly but surely moving away from Microsoft. Here's the math (US vsn) or maths (UK vsn):-
Public spending increasingly more time on the Internet doing their banking/other really important stuff + massive security holes in your operating system/system integrated apps = HUGE FUCKING FAIL!
Wake up folks or get your shit hacked.
When you install Windows you should only use Firefox downloader once.
And it looks like in Europe you will not have to use it at all!
People have known this for ages
To use IE on the internet, go to the settings and turn off ActiveX (also a good idea to turn off scripting too)
Then you can surf away with 2 huge security holes firmly closed
Dunno about the rest of them though.........
Pingu... because guess what I use
The total lack of control exhibited by William and his merry men leaves me in despair. Ever since he took over the role of our guardian we have been suffering regular incursions into our security and the "Whiz Kidz" who operate on his behalf are simply not up to the business. They should be fired and competent operators brought on board. Ever since I have been using Windows I have been subjected to regular down times owing to this incompetence and I have been strongly tempted to change over to "Apple" pie instead. Can William and his gang assure me that they will be responsible for any data loss I endure and will pick up the expenses of adjusting to the renewal of my system? Francis Offord, NOT well "gruntled".
How often do ActiveX issues come up? Wouldn't it be a good idea to scrap the sorry mess and start again?