All Things Microsoft > Microsoft Software
M$ Media Player open to attack! How???
Zombie9920:
Umm ok? I'm using Windows and Internet Explorer and that page didn't do shit. Really, that page looks retarded because it is telling me that I wouldn't be viewing it if I were using IE and Windows. You know, people who sit on thier ass all day and try to exploit *any* software..I don't care what it is....have way too much time on thier hands. Maybe they should get some friends, get a woman or hell even get an imaginary friend. People like exploiters are who give the internet a bad name. As far as I'm concerned they are nothing more than a waste of skin&bones and a waste of the electricity they use in the process of creating exploits.
FYI - The old cd-rom eject trick didn't work on my system either. Software is only as good as the person administrating the computer.
Zombie9920:
Lets not forget to mention a few exploits found in Mplayer.
http://www.security-corporation.com/articles-20030902-002.html
http://www.security-corporation.com/exploits-20030906-000.html
Myth - Ohhh, MPlayer is open source!! Surely it doesn't have any flaws(*riiight*)!
Fact - All software has flaws. You will never find a perfectly coded piece of software(app/os/game, etc.). Get over it.
(Edit)I decided to add a little way of crashing Mozilla.
http://lists.insecure.org/lists/bugtraq/2003/Sep/0082.html
Some Mozilla advisories
http://www.secunia.com/product/1481/
A KDE/Konqueror problem that doesn't even have to be exploited to cause harm.
http://www.securityfocus.com/bid/7520/exploit/
I think this is related to the above listed KDE issue. It is called the KDE Referrer Authentication Leak
http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-07/1178.html
If Open Source security issues were made public like MS ones are you would see at least 1 new exploit a day being mentioned. You would easily see 10x more security warnings for Linux than you do for Windows(on average...the 10x figure is actually a little low). Why don't people like to mention all of the bugs in Open source stuff? The bugs exist and the security vulnerabilities are real(just like security vulnerabilities for MS products).
[ September 09, 2003: Message edited by: Viper ]
Faust:
quote: Umm ok? I'm using Windows and Internet Explorer and that page didn't do shit. Really, that page looks retarded because it is telling me that I wouldn't be viewing it if I were using IE and Windows. You know, people who sit on thier ass all day and try to exploit *any* software..I don't care what it is....have way too much time on thier hands. Maybe they should get some friends, get a woman or hell even get an imaginary friend. People like exploiters are who give the internet a bad name. As far as I'm concerned they are nothing more than a waste of skin&bones and a waste of the electricity they use in the process of creating exploits.
--- End quote ---
Yes they are lame and need to get lives. But THEY WILL ALWAYS BE THERE. People who say break into banks are lamers as well, but they wont stop just because you think they need to get a life, so what you do? YOU GO TO A SECURE BANK. When my bank gets broken into I'm not going to blame only the robbers, I'm going to blame the bank and the bank admins as well.
quote:If Open Source security issues were made public like MS ones are you would see at least 1 new exploit a day being mentioned. You would easily see 10x more security warnings for Linux than you do for Windows(on average...the 10x figure is actually a little low). Why don't people like to mention all of the bugs in Open source stuff? The bugs exist and the security vulnerabilities are real(just like security vulnerabilities for MS products).
--- End quote ---
I use Debian and the Debian philosophy is that all bugs are made fully public. In fact any Tom Dick or Harry is allowed full read access to the bug database as theyre submitted. Thats not "after the bug has been looked at by an admin, thats as theyre submitted. Oh and would you like to offer any proof or is this just anecdotal? Yes software will always have exploitable flaws, but I prefer software where those flaws can be fixed quickly.
edit:
quote:Fact - All software has flaws. You will never find a perfectly coded piece of software(app/os/game, etc.). Get over it.
--- End quote ---
Not all software is perfect, but that doesnt mean all software is as exploitable as the rest. If whitehouse.gov and other top level US sites choose to use an Open Source codebase (OpenBSD) then Open Source and Free Software is good enough for me.
[ September 09, 2003: Message edited by: Faust ]
Xeen:
quote:If whitehouse.gov and other top level US sites choose to use an Open Source codebase (OpenBSD) then Open Source and Free Software is good enough for me.
--- End quote ---
Bad example - someone could use the same argument for using Windows. Homeland Security is now stuck using the buggy Window Server 2003 and XP and Office because the dick Tom Ridge or someone who works for him was stupid enough to sign a $90 million contract with M$.
Faust:
Good point, but even Zombie has admitted in the past that OpenBSD is a good server... BTW Seth that sig is massive, could you shrink it a bit please? (with a cherry?)
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version