El Reg reports:
Microsoft has patched 25 software vulnerabilities--including bugs that allow hackers to hijack PCs via Internet Explorer, Word and Excel files, and Visual Basic scripts.
Microsoft said its December edition of Patch Tuesday includes critical fixes for Windows, Office and Internet Explorer as well as a patch for Exchange.
MS14-80: Addresses 14 security flaws in Internet Explorer, including various remote-code execution vulnerabilities and an ASLR bypass. The patch is considered a low risk for Windows Server systems, but critical for desktops, laptops and tablets. All the flaws were privately reported, and credit was given to various independent researchers as well as the HP Zero Day Initiative, Qihoo 360 and VeriSign iDefense Labs.
MS14-81: Two vulnerabilities in Word and Office Web Apps that allow an attacker to remotely execute code on targeted systems if the victims open booby-trapped documents. This update also applies to users running Office for Mac. Credit was given to Google Project Zero researcher Ben Hawkes, who privately reported the flaws to Microsoft. Rated as Critical.
MS14-84: A remote-code execution vulnerability (CVE-2014-6363) in the Windows VBScript engine can be exploited via a specially crafted webpage. Credit for discovery was given to SkyLined and VeriSign iDefense Labs. Rated as Critical.
The article also mentions Adobe software and Linux. Are any Soylentils running that combination?
(Score: 2) by Marand on Saturday December 13 2014, @02:47PM
Uhhh...didn't bother to read TFL? He actually posts a follow up that covers pretty much everything you bitch about
I actually did read it, smart-ass, and the follow-up is just as outdated and wrong as the original link. He didn't address what I was referring to at all, and you apparently didn't understand what I was saying if you think he did. They changed the .desktop file handling behaviour so that you get a warning/request for any new .desktop file's first run. It adds an extra step to help mitigate accidental runs and the like, and it was changed to do that a few years ago after people realised it was unsafe and attention was drawn to it in a few Linux-related news sites.
It STILL works, it works because social engineering is smarter than your OS and it always will be, I'm sorry if that bursts your bubble but that is a fact
I never said it stopped people from doing dumb things. In fact, I explicitly said the opposite, pointing out that the change doesn't stop a person that's determined to do something bad. I even said it twice! Since you missed them the first time:
"Sure, a clueless newbie can still blindly click through and create a mess, but that's not a bad thing."
"Unless all you want is an appliance, the risk is just an inherent part of having a flexible system. You can't have flexible, powerful software without having the option to shoot yourself in the foot if you do something stupid."
So wave your penguin flag all you want, the ONLY thing that saved Linus and co's ass was security by obscurity, see Shellshock, Heartbleed, the over 2 million infected Android systems for examples. Your OS is just as pwned as everybody else now so welcome to the party pal, coffee and donuts are in the back.
Dude. Is it your reading comprehension or your grip on reality that's complete shit? I didn't "wave [my] penguin flag", I didn't compare Linux to Windows in any way, and I didn't make any attempt to suggest it was infallible. All I said is your link is horribly outdated and you should find something more current to make your point, because huge chunks of it are irrelevant now.
Like I said already, if somebody trotted out a link to an article about bad design, security flaws, and crashing in Windows 98, you'd be all over them telling them how it's irrelevant, outdated, and inaccurate. Same is true here. You can't just keep citing old references, sometimes you have to update them because things change. That's all I'm saying.
I commented because I'm familiar enough with the OS that I saw the information was terribly outdated and thought you'd want to know and maybe find something newer to use in the future. That was my mistake; I should have just ignored it because now you're just targeting me with your usual crap where you ignore what's actually being said so you can push faulty logic and bad arguments regardless of reality.