I'm not surprised at all. Entertained? Most certainly. Surprised? Nope.

----- Original Message ----
From: Josef Lowder <joe@actionline.com>
To: plug-discuss@lists.plug.phoenix.az.us
Sent: Wednesday, December 27, 2006 5:24:49 PM
Subject: Flaws found in M$ Vista ... already

.
http://www.nytimes.com/2006/12/25/technology/25vista.html
http://www.nytimes.com/2006/12/25/technology/25vista.html?_r=1&oref=slogin

Didn't take long, did it?

Excerpts:

M$ has spent millions branding its new Vista operating system as the most
secure product it has ever produced.

But M$ is facing an early crisis of confidence in the quality of Vista as
computer security researchers and hackers have begun to find potentially
serious flaws in the system that as released to corporate customers late last
month.

On Dec. 15, a Russian programmer posted a description of a flaw that makes it
possible to increase a user˘s privileges on all of the company˘s recent
operating systems, including Vista. And over the weekend a Silicon Valley
computer security firm said it had notified M$ that it had also found that
flaw, as well as five other vulnerabilities, including one serious error in
the software code underlying the company˘s new Internet Explorer 7 browser.

The browser flaw is particularly troubling because it potentially means that
Web users could become infected with malicious software simply by visiting a
booby-trapped site. That would make it possible for an attacker to inject
rogue software into the Vista-based computer, according to executives at
Determina, a company based in Redwood City, Calif.

... the vulnerability described on the Russian Web site permits the privileges
of a standard user account in Vista and other versions of Windows to be
increased, permitting control of all of the operations of the computer.

... Determina executives said that by itself, the browser flaw that was
reported to M$ could permit damage like the theft of password information and
the attack of other computers. ... Determina researchers said they had
notified M$ of four other flaws they had discovered, including a bug that
would make it possible for an attacker to repeatedly disable a M$ Exchange
mail server simply by sending the program an infected e-mail message.

Last week, the chief technology officer of Trend Micro, a computer security
firm in Tokyo, told several computer news Web sites that he had discovered an
offer on an underground computer discussion forum to sell information about a
security flaw in Windows Vista for $50,000. ... Many computer security
companies say that there is a lively underground market for information that
would permit attackers to break in to systems via the Internet.


---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss