SP2 "Flaw" report falls short...

Glad to see someone finally reporting this correctly. The media have been over eager to report a SP2 flaw they would even run with something trivial from a unknown German security company who hold little respect and standing.

The misguided advisory from Heise Security sets unrealistic expectations for a new Windows security feature and then criticizes Microsoft for not meeting them.
 
Yes, it does appear that the command shell doesn't use the AES and therefore will execute files that Internet Explorer thinks come from untrusted sources. So? Let's imagine that Windows actually somehow changed all file exchanges to use this facility. Other programs' behavior would change and potentially break—and guess who would take the heat for it?

This same scenario, I should point out, works beautifully with non-Microsoft browsers. There's nothing in Mozilla to stop it. If one more instruction is added to the message, using the chmod command, it works just as well in Linux and Unix, too. Is it a "vulnerability" that users are allowed to run programs?
Classic.
smile.gif
 
Yes, a very nice line at the end there :) The same thoughts this author expresses crossed my mind when I read the details about the "flaw".
 
I love this quote, "Is it a "vulnerability" that users are allowed to run programs?" LMAO
 

Members online

No members online now.

Latest profile posts

Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
Any of the SP crew still out there?
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.

Forum statistics

Threads
62,015
Messages
673,494
Members
5,621
Latest member
naeemsafi
Back