[CrackMonkey] [gkm@petting-zoo.net: Microsoft Internet Explorer]

Peter A. Peterson II pedro at tastytronic.net
Thu Apr 5 10:28:37 PDT 2001


Quoting Nick Moffitt:
> 	- Some version of Microsoft Internet Explorer has a security
> 	  hole that basically permits an email message to run an
> 	  arbitrary bit of code when the message is read.
> 
> 	- Having been told of the problem, Microsoft released a patch
> 	  to fix it.  Six weeks later.
> 
> 	- Many, many people have gotten the patch, but it fails to do
> 	  anything in a lot of cases.
> 
> 	- In some of those cases, it tells you that everything is now
> 	  hunky-dory....

By contrast, this just came by way of debian-security-announce...

> Package: ntp
> Vulnerability: remote root exploit
> Debian-specific: no
> 
> Przemyslaw Frasunek <venglin at FREEBSD.LUBLIN.PL> reported that ntp
> daemons such as that released with Debian GNU/Linux are vulnerable to a
> buffer overflow that can lead to a remote root exploit. This has been
> corrected for Debian 2.2 (potato) in ntp version 4.0.99g-2potato1.
>
> We recommend you upgrade your ntp package immediately.

And of course, 'sudo apt-get update; sudo apt-get install ntp' fixes the
problem. This is not a hotfix, or a patch, or a service-pack with
dependencies baffling and rife with flaws. And it's pretty impossible
for this fix to destroy my whole system. And that's part of the problem
-- what's an MS Administrator to do when sometimes the fixes are more
dangerous than the threats? Not secure their system, that's what. 

"Apache -- the great little web server for mom-and-pop ISPs that also
happen to be the only computer systems untouched by the recent 
meltdown of all Microsoft products..."

pedro

-- 
----------------------------------------------------------
robotfindskitten.org -- free zen simulation 
xy003.net -- free rock opera
robotfindsxy003.net -- No match for "ROBOTFINDSXY003.NET".
----------------------------------------------------------




