Serious IIS Hole; Minor X Bug

EyesWideOpen writes "Microsoft announced Wednesday that there is a serious software flaw with its IIS web server. The 'vulnerability affects a function in the server software that allows Web administrators to change passwords for an Internet site.' A researcher with eEye Digital Security discovered the flaw in mid-April but it wasn't announced publicly because of an agreement with Microsoft. The Wired article is here and this appears to be the MS bulletin describing the vulnerability in detail." And several people reported this Register story on a way to DOS Mozilla users by trying to display ludicrously large fonts. Microsoft's time to patch a remote hole where the attacker can gain complete access to your computer: two months. Open Source's time to patch a much less serious bug where the attacker can merely crash your computer: three days.

Status Quo

[Johnny O]

About Status quo in M$ land....
About Status quo in Linux land :-)

DOS Mozilla users???

[Xpilot]

Wow, I didn't know that Mozilla had a DOS version! How many users does it have? Three?

New MSN.com homepage code

[SeanTobin]

<body>
<font size=<?php
if (stristr(HTTP_USER_AGENT,'mozilla')){
echo '16666666666';
} else {
echo '12';
}
?> >
Welcome to the new MSN.COM website, powered by the .NET framework....

(sorry about the previous post... previewed ok, but didn't post correct without extrans...)

Re:Only affects HTR - a rarely used feature

[edrugtrader]

"this really affects those [microsoft] sysadmins who don't bother to lock their server down"...

...right... so EVERYONE is affected... hardly a major bug at all.

Re:Maybe

[GutBomb]

first time i heard someone bitch about the fonts in vi :)

Serious money in this.

[WasterDave]

It strikes me that there might be some quite serious money in these "agreements with Microsoft". In a post dotcom world, it's a pretty plausible business plan:

* Find holes in MS software.
* Publicise them frantically.
* Come to "an agreement".
* Kachingggggg!

Dave

H1

[JohnHegarty]

<H1>Your Hacked</H1>

but i am sure there is more to it than that...

Re:Incorrect !

[ActiveSX]

An X bug allows all available memory to be consumed

All these years and I thought X was supposed to do that. Silly me!

armweak

[alphapartic1e]

That's one small bug for open source, one giant bug for microsoftkind.

Open Source business plan finally complete

[DeadMeat (TM)]

You've done it!

1. Write open-source software
2. Find holes in MS software, publicize them frantically, and come to "an agreement"
3. Profit!

Re:DOS Mozilla users???

[jaavaaguru]

It's a single user system,if my memory serves me correctly.