[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: XP vulnerability



PureBytes Links

Trading Reference Links

Eric,

I'm a frequent visitor to Steve Gibson's site.  I used his patch
rather than Microsoft's SP1.  A few k verses 145 meg and possible
disablement of my computer seemed like a good trade.  I guess you are
aware that Microsoft has also fixed XP Pro so you can't use Java
unless you download it from Sun directly.  Nice guys.

Come on Linux.

Jimmy

Thursday, December 5, 2002, 5:19:56 PM, you wrote:

Eric> Jim,

Eric> This topic is addressed expertly by
Eric> Steve Gibson at the following web address:
Eric> http://grc.com/xpdite/xpdite.htm

Eric> I'm sorry to be so dramatic,
Eric> but I think now that the SP1 vulnerability is public,
Eric> it is a forgone conclusion that it will be exploited 
Eric> with greater frequency.

Eric> Though he warns of HD erasures,
Eric> I think the greater damage would be 
Eric> done by stealth programs designed
Eric> for secret exploitation ie passwords,
Eric> DNS attacks, ID theft, etc..

Eric> Noted on his site were the following:

Eric>      XP Service Pack Said to Fix Major Flaw - September 10, 2002
Eric>       by PCWorld.com Staff 
Eric>      Patch Plugs Win XP Hole Without SP1 - September 13, 2002
Eric>       by Stuart J. Johnston, special to PCWorld.com 
Eric>      Win XP Update Crashes Some PCs - September 20, 2002
Eric>       by Stuart J. Johnston, special to PCWorld.com

Eric>       You are right about the crashes.
Eric>       He suggests a suitable patch that does not need SP1

Eric>       I would consider a mirror backup to restore a shattered system.
     


Eric> Sincerely,
Eric> Eric Svendsen