Tuesday, January 19, 2010

The Google Hack

I admit. When I first read Google's post about getting hacked, I was pretty stoked about how they were going toe to toe with one of the world's most powerful and "meanest" governments.

I then realized that the most important part was in the first paragraph, "resulted in the theft of intellectual property from Google". The next nine paragraphs just put an interesting, humanitarian spin on things.

John Markoff and Ashlee Vance just published "Fearing Hackers Who Leave No Trace". In it, they discuss why it is a big deal for someone to hack into Google, Adobe, or the other companies. It is well worth the read.

And, if you've missed it:

  • http://blogs.technet.com/msrc/archive/2010/01/19/security-advisory-979352-going-out-of-band.aspx This site looks down now, but this is where Microsoft has announced that they're releasing an out-of-band patch for this IE issue.

  • Microsoft advises using IE 8 instead of version 6 or 7 as it is "less vulnerable". Not "safe", just less bad.

  • Not so fast, says Vupen. They say that IE8 is just as vulnerable as anything else. They all suck.

  • New Windows(R) kernel Vulnerability. To top it all off, Tavis Ormandy has just published a new vulnerability in the Windows Kernel. Which versions? Oh, just those in NT 3.1 through Windows 7. That includes the Server versions (like 200{0,3,8} as well as things like XP) since they're all on the same happy kernels. What kind of vulnerability? Privilege Escalation. So, as long as you can execute any code on the box, you can now escalate to full privileges. Nice.

