SoylentNews is people

posted by LaminatorX on Thursday December 11 2014, @10:47PM
from the patchwork-guilt dept.

El Reg reports

Microsoft has patched 25 software vulnerabilities--including bugs that allow hackers to hijack PCs via Internet Explorer, Word and Excel files, and Visual Basic scripts.

Microsoft said its December edition of Patch Tuesday includes critical fixes for Windows, Office and Internet Explorer as well as a patch for Exchange.

MS14-80: Addresses 14 security flaws in Internet Explorer, including various remote-code execution vulnerabilities and an ASLR bypass. The patch is considered a low risk for Windows Server systems, but critical for desktops, laptops and tablets. All the flaws were privately reported, and credit was given to various independent researchers as well as the HP Zero Day Initiative, Qihoo 360 and VeriSign iDefense Labs.

MS14-81: Two vulnerabilities in Word and Office Web Apps that allow an attacker to remotely execute code on targeted systems if the victims open booby-trapped documents. This update also applies to users running Office for Mac. Credit was given to Google Project Zero researcher Ben Hawkes, who privately reported the flaws to Microsoft. Rated as Critical.

MS14-84: A remote-code execution vulnerability (CVE-2014-6363) in the Windows VBScript engine can be exploited via a specially crafted webpage. Credit for discovery was given to SkyLined and VeriSign iDefense Labs. Rated as Critical.

The article also mentions Adobe software and Linux. Are any Soylentils running that combination?

 
This discussion has been archived. No new comments can be posted.
  • (Score: 3, Informative) by Hairyfeet on Thursday December 11 2014, @11:25PM

    If you are still running with no protection and allow scripts from just anywhere to run? Then you sir or madam are an idiot and deserve what you get. The exact same thing can be done on Linux with the how to write a Linux virus in 5 easy steps [geekzone.co.nz] showing a perfect example. Trick user with social engineering, run scripts without any sort of protection, get pwned. It's just that simple folks.

    Oh and for those that say "it doesn't work that way in real life"? Look up the KDELook bug, the Ubuntu screensaver bug, sorry if I can't remember the name of it but Linux Insider just the other day was talking about how a former Windows bug now has a multiplatform payload that includes Linux targeted malware. So it's nothing to do with any OS, if you are downloading and running strange scripts from third parties without protection and/or sandboxing? Then I'm sorry but you deserve what you get, there is simply no way to make ANY OS 100% moron proof without taking control of the system from them and handing it to corporate and even that doesn't give you 100% protection, see the recent malware in the Apple AppStore.

    --
    ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
  • (Score: 0) by Anonymous Coward on Friday December 12 2014, @01:06AM

    That screensaver bug wasn't in the official repos, it was a download on gnome-look.org and was promptly removed.

  • (Score: 0) by Anonymous Coward on Friday December 12 2014, @01:33AM

    Are you really this stupid?

  • (Score: 0) by Anonymous Coward on Friday December 12 2014, @01:42AM

    how to write a Linux virus

    Virus == self-replicating
    Something that doesn't automagically spread from box to box is NOT a virus.

    Malicious script != virus
    PURPOSELY giving something executable privileges then PURPOSELY running it in no way resembles a Windoze drive-by infection.

    You've been told BEFORE that that link's title is crap yet you continue to point to it.
    That is called TROLLING.

    ...and what a crap page (construction-wise).
    It won't allow me to link to my favorite comment there (by diddy).

    Felice right below him hits the points I would have made.

    .
    Now, if Linux *was* so easy to infect, Google (with over 1e6 machines running Linux) would constantly be flat on its face and would be in the headlines for that on a recurring basis.
    Doesn't happen.

    -- gewg_

    • (Score: 2) by mcgrew on Friday December 12 2014, @03:19PM

      Harryfeet isn't a troll, he's a shill. He fixes Windows computers for a living and lives in fear that Linux will take over.

      --
      Carbon, The only element in the known universe to ever gain sentience
      • (Score: 0) by Anonymous Coward on Friday December 12 2014, @08:23PM

        I think you are aware that I already know all of that and that you are more in broadcast mode for those who are new here.

        ...but he's actually both.
        When someone says things that he KNOWS aren't true, that's classic trolling and, as I noted, he's been called on this one before.

        -- gewg_

      • (Score: 2) by Hairyfeet on Friday December 19 2014, @03:31AM

        ROFLcopter with numbers literally lower than "other" [hitslink.com] which is generally accepted to be 98/2K and Chinese Droid knockoffs? You got better odds of winning the powerball 6 times while screwing ScarJo AND getting hit in the balls by a bolt of lightning than Linux EVAR even reaching 5 fucking percent ROFL! In fact in honor of Linux and its "great success" here is a song 4 you [youtube.com] LOL!

        --
        ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
  • (Score: 2) by Marand on Friday December 12 2014, @05:46AM

    First off, that link's ridiculously outdated. I know that KDE implemented a first-run warning on new .desktop (the launcher files referred to in the article) years ago. Your first attempt to run a new .desktop file of any kind shows you the command it's attempting to run and forces you to confirm that you want to do it, and if you agree it will remember your choice. It's a user-friendly equivalent to the one-time step of making a file executable.

    This also applies to .desktop files in your Autostart, so if something tries to sneak a new autorun in, on your next login you'll get a suspicious new prompt to run a command that wasn't there before. Just like if something else tries to run a .desktop file to do something similar. Sure, a clueless newbie can still blindly click through and create a mess, but that's not a bad thing.

    It's possible GNOME still silently runs them, but I'd be amazed at the incompetence if it still does, and it would be a good reason to discourage GNOME use (not that GNOME3 needs any more discouragement than just being GNOME3). I can't test because I don't have GNOME3 installed.

    Still, the point here is that it's not a good link to trot out to make your point. It was a bad design decision that got questioned and got fixed, at least by one of the DEs mentioned in the article. Bringing up a 2009 problem when it's almost 2015 is about as relevant as linking to an article about Windows 98's bluescreen problems in a discussion about Windows 7.

    So it's nothing to do with any OS, if you are downloading and running strange scripts from third parties without protection and/or sandboxing? Then I'm sorry but you deserve what you get, there is simply no way to make ANY OS 100% moron proof without taking control of the system from them and handing it to corporate and even that doesn't give you 100% protection, see the recent malware in the Apple AppStore.

    I actually agree with this. Unless all you want is an appliance, the risk is just an inherent part of having a flexible system. You can't have flexible, powerful software without having the option to shoot yourself in the foot if you do something stupid.
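
An added example (not from the thread and not KDE's own code) that models the behaviour described in the comment above for autostart launchers: show the command of any `.desktop` file that is new or whose `Exec` line changed, and skip the ones already accepted. The `approved` store, the digest scheme and the sample file names are assumptions made for the illustration.

```python
import hashlib
import pathlib
import tempfile

def parse_desktop_entry(text):
    """Return key/value pairs from the [Desktop Entry] group only."""
    entry, in_group = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
        elif in_group and "=" in line:
            key, value = line.split("=", 1)
            entry.setdefault(key.strip(), value.strip())
    return entry

def exec_digest(command):
    return hashlib.sha256(command.encode("utf-8")).hexdigest()

def pending_review(autostart_dir, approved):
    """Launchers whose Exec line is new or changed since it was approved.
    `approved` (hypothetical store) maps file name -> digest of the accepted Exec."""
    pending = []
    for path in sorted(pathlib.Path(autostart_dir).glob("*.desktop")):
        entry = parse_desktop_entry(path.read_text(encoding="utf-8", errors="replace"))
        command = entry.get("Exec", "")
        if not command or entry.get("Hidden", "").lower() == "true":
            continue  # disabled entry or nothing to launch
        if approved.get(path.name) != exec_digest(command):
            pending.append((path.name, command))
    return pending

def demo():
    # Constructed sample launchers, written to a temporary directory.
    samples = {
        "backup.desktop": "[Desktop Entry]\nExec=/usr/bin/backup-tool --quiet\n",
        "notes.desktop": "[Desktop Entry]\nExec=/usr/bin/notes --changed\n",
        "helper.desktop": "[Desktop Entry]\nExec=/tmp/example-helper\n[Desktop Action x]\nExec=/bin/true\n",
    }
    approved = {"backup.desktop": exec_digest("/usr/bin/backup-tool --quiet"),
                "notes.desktop": exec_digest("/usr/bin/notes")}
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            pathlib.Path(d, name).write_text(body, encoding="utf-8")
        return pending_review(d, approved)

if __name__ == "__main__":
    print(demo())
```

Keying the approval on the `Exec` line rather than on the file name alone means a launcher that was accepted once is listed again if its command is later rewritten.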

    • (Score: 2) by Hairyfeet on Saturday December 13 2014, @09:44AM

      Uhhh...didn't bother to read TFL? He actually posts a follow up that covers pretty much everything you bitch about and guess what? It STILL works, it works because social engineering is smarter than your OS and it always will be, I'm sorry if that bursts your bubble but that is a fact. I work on Windows PCs 6 days a week and if you removed social engineering? I wouldn't have a job because I haven't seen a bug that didn't use social engineering get any traction in ages. That's just the way it is, robbers go where the money is, malware writers target the weakest link which is ALWAYS gonna be PEBKAC.

      So wave your penguin flag all you want, the ONLY thing that saved Linus and co's ass was security by obscurity, see Shellshock, Heartbleed, the over 2 million infected Android systems for examples. Your OS is just as pwned as everybody else now so welcome to the party pal, coffee and donuts are in the back.

      --
      ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
      • (Score: 2) by Marand on Saturday December 13 2014, @02:47PM

        Uhhh...didn't bother to read TFL? He actually posts a follow up that covers pretty much everything you bitch about

        I actually did read it, smart-ass, and the follow-up is just as outdated and wrong as the original link. He didn't address what I was referring to at all, and you apparently didn't understand what I was saying if you think he did. They changed the .desktop file handling behaviour so that you get a warning/request for any new .desktop file's first run. It adds an extra step to help mitigate accidental runs and the like, and it was changed to do that a few years ago after people realised it was unsafe and attention was drawn to it in a few Linux-related news sites.

        It STILL works, it works because social engineering is smarter than your OS and it always will be, I'm sorry if that bursts your bubble but that is a fact

        I never said it stopped people from doing dumb things. In fact, I explicitly said the opposite, pointing out that the change doesn't stop a person that's determined to do something bad. I even said it twice! Since you missed them the first time:

        "Sure, a clueless newbie can still blindly click through and create a mess, but that's not a bad thing."
        "Unless all you want is an appliance, the risk is just an inherent part of having a flexible system. You can't have flexible, powerful software without having the option to shoot yourself in the foot if you do something stupid."

        So wave your penguin flag all you want, the ONLY thing that saved Linus and co's ass was security by obscurity, see Shellshock, Heartbleed, the over 2 million infected Android systems for examples. Your OS is just as pwned as everybody else now so welcome to the party pal, coffee and donuts are in the back.

        Dude. Is it your reading comprehension or your grip on reality that's complete shit? I didn't "wave [my] penguin flag", I didn't compare Linux to Windows in any way, and I didn't make any attempt to suggest it was infallible. All I said is your link is horribly outdated and you should find something more current to make your point, because huge chunks of it are irrelevant now.

        Like I said already, if somebody trotted out a link to an article about bad design, security flaws, and crashing in Windows 98, you'd be all over them telling them how it's irrelevant, outdated, and inaccurate. Same is true here. You can't just keep citing old references, sometimes you have to update them because things change. That's all I'm saying.

        I commented because I'm familiar enough with the OS that I saw the information was terribly outdated and thought you'd want to know and maybe find something newer to use in the future. That was my mistake; I should have just ignored it because now you're just targeting me with your usual crap where you ignore what's actually being said so you can push faulty logic and bad arguments regardless of reality.

  • (Score: 2) by mcgrew on Friday December 12 2014, @03:03PM

    If you are still running with no protection and allow scripts from just anywhere to run? Then you sir or madam are an idiot

    Only if they've been informed, otherwise they're simply ignorant.

    The exact same thing can be done on Linux with the how to write a Linux virus in 5 easy steps showing a perfect example. Trick user with social engineering, run scripts without any sort of protection, get pwned.

    A trojan is not a virus. Your "write a Linux virus" is an ignorant headline.

    I googled for your KDE-look bug; no dice. Got a link?

    there is simply no way to make ANY OS 100% moron proof

    That is indeed correct. Now if we could make software houses idiot-free...

    --
    Carbon, The only element in the known universe to ever gain sentience