Spies and crooks RAVAGE Microsoft's unpatched 0-day HOLE

Both cybercrooks and cyberspies have seized on a recently discovered and as-yet-unpatched Microsoft vulnerability to run attacks. Hackers have seized on the zero-day vulnerability, starring a buggy Microsoft graphics component, to run attacks featuring malicious Word documents. Microsoft issued a temporary workaround last …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Are we sure...

    That this 'bug' is not one of those nice little NSA backdoors?

    Also, it will be interesting to see how the blame for this will be shifted to one E. Snowden. After all, the phrase 'think of the children' seems to be trotted out whenever another spying revelation comes to light.

    anon. I don't want any NSA bods trying my 'back door'.

    1. Ralph B

      Re: Are we sure...

      > I don't want any NSA bods trying my 'back door'

      They're probably already sitting on your sofa, leafing through your photo albums.

      Welcome to the Panopticon.

      1. Anonymous Coward
        Anonymous Coward

        Re: Are we sure...

        If I had a sofa.... Bare floorboards here at the moment (just moved house)

        Photo Albums? Aren't they so... like 19th Century?

        I guess steampunk rules ok?

        1. Ralph B

          Re: Are we sure...

          > Photo Albums? Aren't they so... like 19th Century?

          Are you accusing me of skeuomorphism?

          Whippersnapper.

      2. Rukario
        Joke

        Re: Are we sure...

        > Welcome to the Panopticon.

        But Gallifrey was destroyed!

        1. Ralph B

          Re: Are we sure...

          > But Gallifrey was destroyed!

          It was restored from a backup.

  2. Anonymous Coward
    Anonymous Coward

    Due Diligence

    Companies, esp FTSE100 and other countries' equivalents, need to do their due diligence and move away from Microsoft products as they are a massively disproportionate target for thieves and scoundrels.

    It won't be long before our US litigationists decide that this is a good way to get some cash when one of their investments loses some value due to hacking/malfeasance targeted at some holey MS product.

    "litigationists" because people in the US love isting English words.

    1. Anonymous Coward
      Anonymous Coward

      Re: Due Diligence

      "and move away from Microsoft products as they are a massively disproportionate target for thieves and scoundrels."

      The realistic alternatives like Linux and OS-X have far more vulnerabilities than current Windows versions though - as soon as they got popular you would have the same problem....

    2. Tim 11

      Re: Due Diligence

      Yeah we should all move to Google docs - no way anyone else could interfere with our files then is there?

      1. Anonymous Coward
        Anonymous Coward

        Shocking - up-to-date software avoids the problem

        Shockingly, I have once again completely avoided a potential exploit by simply running up-to-date software. Whether you are on a Linux box or a Winblows box, running ancient versions of the OS or of the office suite is more likely to leave you open to vulnerabilities.

        D'uh!

        Face it - it's 2013. If you are running critical production devices on Win XP or Win Server 2003, you are likely to get what's coming to you, as surely as if you are running Ubuntu Warty Warthog from 2004 on your servers. It's going to be very difficult to keep it patched against all potential security threats.

        1. Khaptain Silver badge

          Re: Shocking - up-to-date software avoids the problem

          @Andy

          >If you are running critical production devices on Win XP or Win Server 2003,

          That would be about 60% (probably more) of current megacorps then.

          1. Anonymous Coward
            Anonymous Coward

            Re: Shocking - up-to-date software avoids the problem

            @Khaptain - "That would be about 60% (probably more) of current megacorps then."

            --- and 70% of all government systems probably.

            But it's still stupid as hell.

        2. Ian 55

          Re: Shocking - up-to-date software avoids the problem

          As I read it

          Office 2003 or Office 2007 - you're stuffable.

          Office 2010 - you're stuffable

          Office 2013 - you're stuffable if you're running XP / Server 2003

          'Not being stuffed by yet another buffer overrun bug' has probably doubled the reasons to upgrade Office from Office XP, never mind later.

          1. Anonymous Coward
            Anonymous Coward

            Re: Shocking - up-to-date software avoids the problem

            Correction:

            Office 2010 - you're stuffable - on an older OS only (Not on Windows 7 or 8)

        3. Robert Carnegie Silver badge

          Re: Shocking - up-to-date software avoids the problem

          These versions of Microsoft Windows and Microsoft Office are supported versions. Therefore they are up-to-date and ought to be safe, as we were told when we bought them.

          I expect to get more than a couple of years' use out of a computer before it is given over to international hackers to abuse as they please.

          Bear in mind, too, that new products have new features that are uniquely exploitable. There are special ways to get you written into HTML 5, for instance.

  3. Steve Crook
    Coat

    "Spies and crooks BOTH ravaging"

    I'm off to lunch, and won't be ravaging again until 14:30 at the earliest. Also, it's Friday and I want to make an early start for home, so I doubt there will be much ravaging after 16:00. Did I mention that I don't ravage from home?

  4. Tim 11

    37% ???

    Surely someone on Websense has done their maths wrong.

    If I read their site correctly, the problem affects all versions of Windows and Office except for the 2% which have the combination of Office 2010 + (Server 2003 or XP), so that would be 5+30+41+14-2 = 88%

    1. oolor

      Re: 37% ???

      > If I read their site correctly, the problem affects all versions of Windows and Office except for the 2% which have the combination of Office 2010 + (Server 2003 or XP)

      From the link in the article, I read that only the Office 2010 on Server 2003 and XP is an issue, and that higher (read more recent) systems are fine. Also Office 2013 is not affected on any system. Sounds like planned obsolescence to me.

      1. Anonymous Coward
        Anonymous Coward

        Re: 37% ???

        "Sounds like planned obsolescence to me."

        Sounds like Microsoft have developed more secure OSs and Applications over time to me...

        Microsoft supports their products for much longer than anyone else (For instance Windows XP is approaching 13 years old!)

  5. Herby
    Joke

    Shocked, Shocked, I say...

    There is a vulnerability in Windows, or its Office minions?

    Shocked.

    Of course, this is entirely a cruel joke, or is it??

  6. Ken Hagan Gold badge

    MS had better hurry with that patch...

    Now might be a good moment to observe that Office 2003 goes out of support at the same time as XP (but a year before Server 2003).

    It might also be a good moment to ask "Who still uses TIFF files?".

    1. Gray
      Meh

      Re: MS had better hurry with that patch...

      "It might also be a good moment to ask "Who still uses TIFF files?"."

      Ummm ... people who scan documents for OCR rendering? People who use page-layout software for print publication?

  7. Stevie
    Trollface

    Bah!

    "TIFF graphics format files"

    As in: Tagged Image File Format graphics format files?

  8. John Smith 19 Gold badge
    Unhappy

    Indeed, who *does* use TIFF as a common file format?

    I thought it was an old AOL format?

    1. Chemist

      Re: Indeed, who *does* use TIFF as a common file format?

      "Indeed, who *does* use TIFF as a common file format? "

      It's used in photography as it's lossless; indeed, I think some RAW formats are modified TIFF. Certainly photo processing software like the panorama program Hugin uses it internally for intermediates and can also export it.

    2. Michael Wojcik Silver badge

      Re: Indeed, who *does* use TIFF as a common file format?

      TIFF is commonly used by scanning software, and by "imaging" (i.e., taking physical documents, scanning them, and storing and retrieving them) applications generally.

      It was invented by Aldus and is now controlled by Adobe (in the sense that they hold the copyright on the specification). Derivative formats have been published by ISO and the IETF (e.g. RFC 2306).

      One main advantage of TIFF, as Chemist noted, is that it can be used to store images in lossless encodings (uncompressed or LZW); it can also be a container for lossy-compressed JPEG images, so it's more flexible than JPEG[1] or, say, PNG alone. It also supports multiple images ("pages") per file, layers, various sorts of metadata, etc.

      [1] JPEG does define a lossless mode, but apparently it's not widely supported.
