Here, I'll be completely honest
The bug,
sometimes, deletes user files :) And how it is possible that a >GUEST< login has any effect whatsoever on another user's data is... a matter for a somewhat deeper analysis, since it points to some rather more serious design flaws. Who knows, maybe Apple "relaxed" BSD security a bit in its UI prettifying :)
Anyway, Microsoft got wind of it, so they figured they'd sign up too:
http://www.theregister.co.uk/2...rosoft_patch_tuesday_oct_2009/
Quote:
Microsoft on Tuesday patched a record number of security holes in its Windows operating systems and other software, a haul that included at least one security flaw that was already under attack in the wild.
One of the updates fixed a vulnerability in Windows Media Runtime that allows an attacker to remotely execute malware by tricking a user into playing a booby-trapped audio or video file. A few hours after its release, a Microsoft spokesman said company researchers have "seen limited attacks trying to use the reported vulnerability."
The bug is rated critical on every version of Windows.
^^^
Pay attention to the key words:
Windows Media runtime
“booby-trapped audio or video file”
critical….
HEEEYY - this is one for Ripley's... booby-trapped video files!!! That's what happens when monkeys take over. Is it possible that there are so many mediocrities in that company who turned the media stack into a security bomb - actually, they aren't the first, Winamp was the first to specialize in that subject, but at least with them it was known that they don't know how to design software.
I won't even mention the critical SMB2 hole - what is there to say...
...
And that's not all... Adobe likewise heard that Microsoft and Apple are having problems, so they got scared of losing the title of champion of the lowest software quality:
http://www.theregister.co.uk/2...3/adobe_reader_updater_update/
Quote:
Adobe Systems has introduced a new software updater for its Reader and Acrobat applications, one of several additions released Tuesday to protect users against a growing wave of malware attacks.
The new updater was included in the latest versions of Reader and Acrobat, which Adobe released to fix almost 30 security vulnerabilities, at least one of which was already being targeted in limited attacks. For the time being, the feature will undergo testing in a closed beta program. Eventually, it will be rolled out to all users.
^
30 HOLES in a >FREAKING PDF READER< .. is that even possible?!?! Adobe Acrobat Reader is a disgrace to the software industry and one of the best examples of the devolution of software development... something that should only display and print documents has become a creeping backdoor and a festival of bloat...
If I became a communist dictator, the first thing I would do is ban Adobe from producing software :)
And check this out:
Quote:
Also introduced in Tuesday's update are features that give admins and end users more control over the types of code that can be executed by the widely deployed program. The controls allow Reader to block all javascript from running or to allow it to run just once in a single PDF document. Reader can also be configured so certain types of javascript commands are permanently blacklisted even while other types are allowed.
In other words, Adobe doesn't know how to solve the security problems in its garbage of a software product, so it will dump that task on us (the so-called "empowering" buzzword) - imagine this misery, configuring policies for a document viewer... what's next? Configuring security options for Notepad?
The question arises why a glorified document viewer would need to execute JavaScript code at all, and why that JS code has any contact whatsoever with user data...
But that is progress, I guess.. Well, Comrade Stalin was right - the whole lot should be sent off to work brigades.
[This message was edited by Ivan Dimkovic on 14.10.2009 at 08:23 GMT+1]