Feeds

back to article Microsoft douses Flame

Microsoft has noticed Flame, the malware supposedly burning up the middle east and spreading like wildfire to the rest of the world, and has taken steps to stop it before becoming an uncontrollable conflagration. Redmond's chief concern, according to Mike Reavey, a senior director of the Microsoft Trustworthy Computing effort, …

COMMENTS

This topic is closed for new posts.
Silver badge

So basically ...

... microsoft is closing the backdoor that the spooks used, now that it's out in the open. Loverly. During the meanwhile, all over the world, idiots with absolutely no knowledge of computer security are still using consumer-grade operating systems in places where they are contra-indicated ... even at the National "Security" level.

My mind boggles, and I weep. Back in the day, we knew what security was.

10
1
Bronze badge
Happy

"Microsoft trustworthy computing"

Could this be the world's greatest oxymoron?

10
2
Silver badge

Re: "Microsoft trustworthy computing"

That rather depends on what you trust it to do...

1
0
Anonymous Coward

Re: "Microsoft trustworthy computing"

Whatever MS may have wanted us to think, "trusted computing" was never really about end users and IT departments being able to trust that the systems they paid for were trustworthy, secure and reliable and generally fit for purpose..

"Trusted computing" was about "content providers" being able to trust that Windows and the kit associated with Windows could be trusted not to leak valuable digital copies of their valuable "content". Content providers had to trust that all the way from BluRay or DRM-infested stream via Windows (desktop, set top box, etc) to the HDCP-connected display, no leakage of protected digital content could occur.

Did it work?

0
0
Anonymous Coward

1999 called

They want their joke back.

2
0
Anonymous Coward

Does this mean all I need is an unpatched version of the service and I can sign code to my heart's content? If that is the case, do they really think that the people who write malware and use this exploit are actually going to apply this patch rather than, say, ignore the update and exploit this hole some more?

2
1
Silver badge

Yes you can continue signing

But the signature will not be recognized by the computers that have been patched, ie your targets (well, hopefully).

So yes, Microsoft is actually closing the loophole, because the only computers the malware writers will be able to infect will be those that have not been patched.

At least I hope so.

1
0
Anonymous Coward

Thanks Reg, this is a really hot tip. You guys are on fire lately.

1
0
(Written by Reg staff)

Well played, Sir.

0
0
Gold badge
Coat

Warm praise indeed!

0
0
Silver badge
Joke

This is merely a test drive...

While we're made to think that MS is busy hunting malware and such this is really a ruse...

Because when Win8 ships Redmond is needs to be ready for a lot of new released malware which will trick users into running it in order to "re-install the start menu". As such; a field test was in order!

4
1

My Windows machine updated this morning.

Since then my CPU and GPU temps have gone down by five degrees.

1
0

So...

It wasn't that lame after all.

Telling for people who thought Kaspersky showed off in a weird way, like bragging to unearth a virus which was undetected for years.

0
0
Black Helicopters

Microsoft didn't break MD5

It's called a "collision attack" and comes about because of vunerabilties in the long-troubled MD5 algorithm (see http://www.win.tue.nl/hashclash/rogue-ca/). Mostly the fault lies with certificate authorities who continue to use this weak algorithm.

SHA1 is starting to look vulnerable too now - are we going to find a way to blame that on Microsoft too?

Grow up everyone - it's time to realise that this is an industry problem, not a vendor problem...

2
0
Thumb Down

Re: Microsoft didn't break MD5

...except that it seems someone at Ms forgot to follow their own advice from way back in 2008:

http://blogs.technet.com/b/srd/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx

1
0

flame control panel

looks like the flame control panel is available on http://flamer.com - ID 62674 hee hee

0
0
This topic is closed for new posts.