back to article New attack resurrects previously patched security bugs

Researchers may have figured out how to bypass a common technique Microsoft and other software makers have used to fix hundreds of security vulnerabilities over the past decade, according to a brief video previewing a talk scheduled for later this week at the Black Hat security conference. The video, posted here by security …

COMMENTS

This topic is closed for new posts.
  1. Pawel 1
    Thumb Down

    Game changer??

    There were quite a few bugs in killbit implementation/design:

    e.g. http://www.securityfocus.com/bid/16409

    It seems that the whole killbit philosophy is broken, and very deeply for that matter

  2. Julian I-Do-Stuff
    Happy

    Funny that...

    Told MS back in April there was a security issue with this as I had just found I had a certain ActiveX running despite the KIllBit being set... (but for me it was a good thing... I need that ActiveX).

    I just hope they *don't* find a way to disable properly an ActiveX they didn't replace properly with a secure version or I'd be stuffed.

  3. Balefire
    FAIL

    Sloppy coding ethics

    Seems to be the mentality - instead of actually fixing the problem, write code to work "around" the bug. Then write more code to work around the problems in the code which goes around the bug. Rinse, repeat.

    Which is why a fresh install needs about 8 to 10 rounds of updates. An update should only need to be done once on a new install and then be completely up to date at that time.

  4. mrweekender
    FAIL

    @ Balefire

    "Sloppy coding ethics"

    So no change there then and the main reason why the Joe Public is slowly but surely moving away from Microsoft. Here's the math (US vsn) or maths (UK vsn):-

    Public spending increasingly more time on the Internet doing their banking/other really important stuff + massive security holes in your operating system/system integrated apps = HUGE FUCKING FAIL!

    Wake up folks or get your shit hacked.

  5. Anonymous Coward
    FAIL

    IE

    When you install windows you should only use firefox downloader once.

    And it looks like in Europe you will not have to use it at all!

  6. Boris the Cockroach Silver badge
    Linux

    Many

    Peapole have known this for ages

    To use IE on the internet, goto the settings and turn off activex(also a good idea to turn offf scripting too)

    Then you can surf away with 2 huge security holes firmly closed

    Dunno about the rest of them though.........

    Pingu... because guess what I use

  7. Luther Blissett

    Q: What do you call a collection of killbits?

    re: "several hundred" killbits included in IE 8 running on Vista.

    A: A clear case of killbill.

  8. Francis Offord
    Megaphone

    Why am I not surprised

    The total lack of control exhibited by William and his merry men

    leaves me in despair. Ever since he took over the role of our guardian we have been suffering regular incursions into out security and the "Whiz Kidz" who operate in his behalf are simply not up to the business. They should be fired and competent operators brought on board. Ever since I have been using Windows I have been subjected to regular down times owing to this incompetence and I have been strongly tempted to change over to "Apple" pie instead. Can William and his gang assure me that they will be responsible for any data loss I endure and will pick up the expenses of adjusting to the renewal of my system? Francis Offord, NOT well "gruntled".

  9. Anonymous Coward
    Unhappy

    Activex. Don't you just love it

    How often do activex issues come up? Wouldn't it be a good idea to scrap the sorry mess and start again

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019