11 posts • joined 18 Apr 2011
Quote "If they know that, so why don't they have a common API already"
Quote "In fact, developers don't even use the same APIs to create them – so far, at least."
A quick look to the MSDN documentation and we can see that the APIs are converged, e.g.
So the above API is supported on Windows 8 store apps, Windows 8 desktop apps, Windows phone 8 apps and can be used via three languages (C#, VB, C++) and it will build on three architectures (X86, x64 and ARM....
I am surprised nobody has mentioned this:
Re: Not so nice when the shoe's on the other foot is it Microsoft?
Stuart wrote some rubbish: >Take the Microsoft Office format for example. Did they actually open up the legacy format for people to implement? No
Yes they did actually, Office legacy document format has been fully documented for at least five years:
Wow 35 up votes for so much BS...so sad that so many of you can't use a search engine:
Re: "We fix things once we know they're broken"
Eadon you talk Rubbish.... http://www.theregister.co.uk/2011/02/16/ms_silent_security_fix_rationale/
ooo thanks El Reg....I just tried it (seems my £9 per month Windows Phone Zune Subscription account got automigrated over to XBox) and I can download music and stream to the Win 8 PC via the music app. So that means music in the living room via the Xbox, music on WP phone, music on the Zune, music on home PC and on my slate. Already downloaded 4 GB music....
Re: windows store apple store linux store
I'm sure there's an app for that.... :)
Re: Where's the XNA?
I suspect they only lost one developer and that was you, all the other developers ported their XNA WP7 apps in 20 mins using http://monogame.codeplex.com/ and have it sat waiting for certification in the Win8 App store and are down the pub while you're whining on here :) Keep up old boy.
What the hell is a "favor"?
A strong password is all that is needed to prevent the attack, RDP is NOT on by default either. The passwords the bot tries are very very simple....
Another none issue ....
So on Windows Phone 7 the transmission of location data:
Is switched off by default
Is easy to switch off in settings if it's on
Doesn't get saved to the SD card
Is fully documented saying what and why the location data is stored and how the users privacy is kept
FFS, if you want a cinema near where you standing of course your location is going to get sent to MS...
To tar MS with the same Google/Apple brush over this is hardly fair, but so called journalism really has sunk this low....
Move along... nothin’ to see here....
MS said the bug was exploitable, said it was difficult to exploit and updated IIS two months prior to the conference where this mitigation research was discussed.
Mitigations are used to slow down attackers in their development of exploits, to try and make those exploits unreliable, and to raise the bar of the skill required to create such exploits (e.g. Chris Valasek is a Senior Research Scientist). The mitigations in this case served that purpose. Mitigations don’t take away the need to update the binaries and IIS was still fixed. Mitigations for all platforms are constantly updated to reflect research from White/Grey/Black Hats. Mitigation bypasses generally do not work broadly.
Server DoS's are typically patched by MS anyway, so whether or not it was exploitable is irrelevant, detailing whether it is exploitable or not is to allow the system admin to make a decision in how to prioritise the downloading/testing and rolling out the patch.
The revised blog post, that wasn't referenced by Dan for some reason, said it was exploitable:
"Since then additional research has shown that it may be possible for this vulnerability to be exploited if DEP and ASLR protections are bypassed."
The bulletin notes from Feb 2011 said it was exploitable:
“Maximum Security Impact - Remote Code Execution”
MS said they were aware of the research in the mitigation bypass.
“Vulnerability details for CVE-2010-3972 are public. However, it will be difficult to build a reliable exploit for code execution. We have heard rumors [sic] of an exploit technique that will be discussed publicly in April by Chris Valasek and Ryan Smith.”