New attack resurrects previously patched security bugs

Researchers may have figured out how to bypass a common technique Microsoft and other software makers have used to fix hundreds of security vulnerabilities over the past decade, according to a brief video previewing a talk scheduled for later this week at the Black Hat security conference. The video, posted here by security …

COMMENTS

This topic is closed for new posts.
  1. Pawel 1
    Thumb Down

    Game changer??

    There were quite a few bugs in killbit implementation/design:

    e.g. http://www.securityfocus.com/bid/16409

    It seems that the whole killbit philosophy is broken, and very deeply for that matter

  2. Julian I-Do-Stuff
    Happy

    Funny that...

    Told MS back in April there was a security issue with this as I had just found I had a certain ActiveX running despite the KillBit being set... (but for me it was a good thing... I need that ActiveX).

    I just hope they *don't* find a way to disable properly an ActiveX they didn't replace properly with a secure version or I'd be stuffed.

  3. Balefire
    FAIL

    Sloppy coding ethics

    Seems to be the mentality - instead of actually fixing the problem, write code to work "around" the bug. Then write more code to work around the problems in the code which goes around the bug. Rinse, repeat.

    Which is why a fresh install needs about 8 to 10 rounds of updates. An update should only need to be done once on a new install and then be completely up to date at that time.

  4. mrweekender
    FAIL

    @ Balefire

    "Sloppy coding ethics"

    So no change there then and the main reason why the Joe Public is slowly but surely moving away from Microsoft. Here's the math (US vsn) or maths (UK vsn):-

    Public spending increasingly more time on the Internet doing their banking/other really important stuff + massive security holes in your operating system/system integrated apps = HUGE FUCKING FAIL!

    Wake up folks or get your shit hacked.

  5. Anonymous Coward
    FAIL

    IE

    When you install Windows you should only use Firefox downloader once.

    And it looks like in Europe you will not have to use it at all!

  6. Boris the Cockroach Silver badge
    Linux

    Many

    People have known this for ages

    To use IE on the internet, go to the settings and turn off ActiveX (also a good idea to turn off scripting too)

    Then you can surf away with 2 huge security holes firmly closed

    Dunno about the rest of them though.........

    Pingu... because guess what I use

  7. Luther Blissett

    Q: What do you call a collection of killbits?

    re: "several hundred" killbits included in IE 8 running on Vista.

    A: A clear case of killbill.

  8. Francis Offord
    Megaphone

    Why am I not surprised

    The total lack of control exhibited by William and his merry men

    leaves me in despair. Ever since he took over the role of our guardian we have been suffering regular incursions into our security and the "Whiz Kidz" who operate on his behalf are simply not up to the business. They should be fired and competent operators brought on board. Ever since I have been using Windows I have been subjected to regular down times owing to this incompetence and I have been strongly tempted to change over to "Apple" pie instead. Can William and his gang assure me that they will be responsible for any data loss I endure and will pick up the expenses of adjusting to the renewal of my system? Francis Offord, NOT well "gruntled".

  9. Anonymous Coward
    Unhappy

    ActiveX. Don't you just love it

    How often do ActiveX issues come up? Wouldn't it be a good idea to scrap the sorry mess and start again?
