Microsoft urges customers to install security tool,,,Advertise

[Big Steel]

<http://www.nbcnews.com/technology/t...rs-install-security-tool-1B5948322?ocid=msnhp>

Microsoft urged Windows users on Monday to install a free piece of
security software to protect PCs from a newly discovered bug in the
Internet Explorer browser.

 

[Gene E. Bloch]

<http://www.nbcnews.com/technology/t...rs-install-security-tool-1B5948322?ocid=msnhp>

Microsoft urged Windows users on Monday to install a free piece of
security software to protect PCs from a newly discovered bug in the
Internet Explorer browser.

I'll look into it further, after noting that on the page you reference,
this headline appears:

"Ballmer: There's no doubt Windows 8 will be a success"

Dunno...

 

[Robin Bignall]

I'll look into it further, after noting that on the page you reference,
this headline appears:

I've installed it. It's an extensive set of anti-hacker tools that's
platform independent, and that will be added to as the technology
develops. But how does one find out about Microsoft's technical
innovations like this without spending hours reading their technical
bulletins? Tools like this should be offered on Windows Update as
optional extras, IMO.

 

[Gene E. Bloch]

I've installed it. It's an extensive set of anti-hacker tools that's
platform independent, and that will be added to as the technology
develops. But how does one find out about Microsoft's technical
innovations like this without spending hours reading their technical
bulletins? Tools like this should be offered on Windows Update as
optional extras, IMO.

Or even not optional and with a user-friendly interface. Radical idea...

I've now lost track of the recent thread in this NG where someone
complained of the lack of transparency of an error message. Similar
problem in an OS meant for naive users as well as experts like me

 

[John Ferrell]

I have not been able to understand why PC's have always been
vulnerable to buffer overrun problems. The mainframes always counted
the buffer inputs and terminated the transfer when the max count was
reached. Those main frames were a lot less powerful than today's PC's.
Counting was implemented in hardware, software or both.

If you can build a system that can run multiple programs you can
certainly write the OS so that only the errant process is affected by
a buffer overrun. I think we are all being scammed to justify a new
system periodically so the vendors can keep selling the same functions
.... over & over.

There is no incentive for the industry fix anything, they just sell a
new release with a different set of flaws.

I'll look into it further, after noting that on the page you reference,
this headline appears:

"Ballmer: There's no doubt Windows 8 will be a success"

Dunno...

John Ferrell W8CCW

 

[...winston]

Microsoft Security Response Center

Additional information about Internet Explorer and Security Advisory 2757760
http://blogs.technet.com/b/msrc/arc...t-explorer-and-security-advisory-2757760.aspx

Short link -> http://goo.gl/GnInX

<qp>
We will release a Fix it in the next few days to address an issue in Internet Explorer, as outlined in the Security Advisory
2757760 that we released yesterday.
</qp>


--
....winston
msft mvp mail


"Big Steel" wrote in message
<http://www.nbcnews.com/technology/t...rs-install-security-tool-1B5948322?ocid=msnhp>

Microsoft urged Windows users on Monday to install a free piece of
security software to protect PCs from a newly discovered bug in the
Internet Explorer browser.

 

[Gene E. Bloch]

I have not been able to understand why PC's have always been
vulnerable to buffer overrun problems. The mainframes always counted
the buffer inputs and terminated the transfer when the max count was
reached. Those main frames were a lot less powerful than today's PC's.
Counting was implemented in hardware, software or both.

I have no idea why your post is a reply to mine, but you did remind me
of my first major programming error.

It was a buffer overrun on a mainframe.

When I explained the bug to the guy who was supposedly teaching me
programming, he said that he couldn't understand it, that I had gone
beyond him, and that I was now on my own as a student of programming.

I said "OK", and the rest is history(?).

 

[John Ferrell]

Sorry for any generated noise. It seems that quite a few of the
security patches list a buffer overrun as the problem being addressed,
I cannot think of a single example at this time.
I need to quit responding after 8 PM in the evenings!

I have no idea why your post is a reply to mine, but you did remind me
of my first major programming error.

It was a buffer overrun on a mainframe.

When I explained the bug to the guy who was supposedly teaching me
programming, he said that he couldn't understand it, that I had gone
beyond him, and that I was now on my own as a student of programming.

I said "OK", and the rest is history(?).

John Ferrell W8CCW

 

[J. P. Gilliver (John)]

Sorry for any generated noise. It seems that quite a few of the
security patches list a buffer overrun as the problem being addressed,
I cannot think of a single example at this time.
I need to quit responding after 8 PM in the evenings!

[]
You could start responding after 8 PM in the mornings ...

(Sorry, couldn't resist!)

 

[Robin Bignall]

I have no idea why your post is a reply to mine, but you did remind me
of my first major programming error.

Your original post introduced EMET, which, crudely put, is a set of
anti-hacker tools and architecture. One of the ways they can get at you
has something to do with buffer overruns.
What I can't seem to lay my hands on is the document that describes in
great detail all these vulnerabilities and how EMET's architecture and
current/future implementations tackle them. It's great reading if a)
you're dead keen on computer internals or b) you suffer from insomnia.

 

[Joe Morris]

I've installed it. It's an extensive set of anti-hacker tools that's
platform independent, and that will be added to as the technology
develops. But how does one find out about Microsoft's technical
innovations like this without spending hours reading their technical
bulletins? Tools like this should be offered on Windows Update as
optional extras, IMO.

You could sign up to receive Microsoft security-related announcements:

http://technet.microsoft.com/en-us/security/dd252948.aspx

Incidentally, one thing to note is that merely installing EMET
on your computer doesn't really help. You need to tell it what programs it
should monitor.

For example, here's a very small part of the list of programs my shop
monitors with EMET:

iexplore.exe
Acrobat.exe
acrobat_sl.exe
reader_sl.exe
firefox.exe
opera.exe
Safari.exe
EXCEL.EXE
ONENOTE.EXE
ONENOTEM.EXE
INFOPATH.EXE

Joe

 

[...winston]

"Robin Bignall" wrote in message Your original post introduced EMET, which, crudely put, is a set of
anti-hacker tools and architecture. One of the ways they can get at you
has something to do with buffer overruns.
What I can't seem to lay my hands on is the document that describes in
great detail all these vulnerabilities and how EMET's architecture and
current/future implementations tackle them. It's great reading if a)
you're dead keen on computer internals or b) you suffer from insomnia.
MSFT, earlier today, updated the Security Advisory with some additional information
- Information about the vulnerability
- Current Attack Landscape
- Effectiveness of using EMET

http://blogs.technet.com/b/srd/arch...on-on-security-advisory-2757760-s-fix-it.aspx

Short Url -> http://goo.gl/CVJWf

It might not fill in all the blanks but it does provide more information (from their side) than previously

 

[Gene E. Bloch]

Sorry for any generated noise. It seems that quite a few of the
security patches list a buffer overrun as the problem being addressed,
I cannot think of a single example at this time.
I need to quit responding after 8 PM in the evenings!


John Ferrell W8CCW

Well, you did give me an excuse to tell a story from my past.

That might not earn points from everyone, but I liked it ;-).

 

[Gene E. Bloch]

Your original post introduced EMET, which, crudely put, is a set of
anti-hacker tools and architecture. One of the ways they can get at you
has something to do with buffer overruns.

I didn't introduce EMET at all. I didn't even mention EMET in this
thread until now. In fact, I never heard of EMET until I followed Big
Steel's link at the start of this thread, so I don't know what you mean
by your reply.

Unfortunately, it's late here, so you're not as lucky as John Ferrell -
I can't think of any entertaining anecdotes from my early days as a
programmer to entertain you with

 

[John Ferrell]

Its OK, I had it coming!

Sorry for any generated noise. It seems that quite a few of the
security patches list a buffer overrun as the problem being addressed,
I cannot think of a single example at this time.
I need to quit responding after 8 PM in the evenings!

[]
You could start responding after 8 PM in the mornings ...

(Sorry, couldn't resist!)

John Ferrell W8CCW

 

[Robin Bignall]

You could sign up to receive Microsoft security-related announcements:

http://technet.microsoft.com/en-us/security/dd252948.aspx

Thanks, Joe. Trying to register takes me to a page that never loads.

Incidentally, one thing to note is that merely installing EMET
on your computer doesn't really help. You need to tell it what programsit
should monitor.

For example, here's a very small part of the list of programs my shop
monitors with EMET:

iexplore.exe
Acrobat.exe
acrobat_sl.exe
reader_sl.exe
firefox.exe
opera.exe
Safari.exe
EXCEL.EXE
ONENOTE.EXE
ONENOTEM.EXE
INFOPATH.EXE

Thanks for the list. I figured out iexplore was one of the vital ones.

 

[Robin Bignall]

I didn't introduce EMET at all. I didn't even mention EMET in this
thread until now. In fact, I never heard of EMET until I followed Big
Steel's link at the start of this thread, so I don't know what you mean
by your reply.

I didn't see the Big Steel one, Gene, but I did see your reply, which
quoted the key link to EMET.

Unfortunately, it's late here, so you're not as lucky as John Ferrell -
I can't think of any entertaining anecdotes from my early days as a
programmer to entertain you with

Back in the /360 days I was an IBM SE with a customer who couldn't get
his model 40 going so his punched card accounting machines were running
white hot. He wanted me to program a 2540 card read/punch to emulate
some of the punched card equipment which read some cards, did some
calculations and punched the results. He wanted the read cards followed
by the summary card all in the centre stacker. This program had to be
in tight /360 assembler because it totally depended on the read and
punch timings of the 2540.

I could only get his computer weekend nights, of course, and to test the
program I had to kneel on the floor, one thumb on the reader stop
button, the other on the punch. One Sunday night I had just started it
when security came into the computer room and I lost my concentration,
and didn't have the program quite right. What security saw, and nearly
pissed himself laughing at, was this guy kneeling in front of a machine
while a whole box of cards flew past him all over the room. I never did
get those timings quite right!

 

[Gene Wirchenko]

On Thu, 20 Sep 2012 22:02:02 +0100, Robin Bignall

[snip]

I could only get his computer weekend nights, of course, and to test the
program I had to kneel on the floor, one thumb on the reader stop
button, the other on the punch. One Sunday night I had just started it
when security came into the computer room and I lost my concentration,
and didn't have the program quite right. What security saw, and nearly
pissed himself laughing at, was this guy kneeling in front of a machine
while a whole box of cards flew past him all over the room. I never did
get those timings quite right!

You forgot to do the sacrifice first before praying, right?

Sincerely,

Gene Wirchenko

 

[Gene E. Bloch]

I didn't see the Big Steel one, Gene, but I did see your reply, which
quoted the key link to EMET.


Back in the /360 days I was an IBM SE with a customer who couldn't get
his model 40 going so his punched card accounting machines were running
white hot. He wanted me to program a 2540 card read/punch to emulate
some of the punched card equipment which read some cards, did some
calculations and punched the results. He wanted the read cards followed
by the summary card all in the centre stacker. This program had to be
in tight /360 assembler because it totally depended on the read and
punch timings of the 2540.

I could only get his computer weekend nights, of course, and to test the
program I had to kneel on the floor, one thumb on the reader stop
button, the other on the punch. One Sunday night I had just started it
when security came into the computer room and I lost my concentration,
and didn't have the program quite right. What security saw, and nearly
pissed himself laughing at, was this guy kneeling in front of a machine
while a whole box of cards flew past him all over the room. I never did
get those timings quite right!

OK, now I'm the lucky one. I also "nearly pissed [my]self laughing at"
your story

I do international folkdancing, often Eastern European stuff. A number
of years ago, when computers were large objects, I went behind the
computer cabinets to practice a relatively difficult Bulgarian dance
that I was having trouble with. When someone (a non-dancer) walked
around from the front side and saw me, my expression was pretty
sheepish...

 

[Robin Bignall]

On Thu, 20 Sep 2012 22:02:02 +0100, Robin Bignall

[snip]

I could only get his computer weekend nights, of course, and to test the
program I had to kneel on the floor, one thumb on the reader stop
button, the other on the punch. One Sunday night I had just started it
when security came into the computer room and I lost my concentration,
and didn't have the program quite right. What security saw, and nearly
pissed himself laughing at, was this guy kneeling in front of a machine
while a whole box of cards flew past him all over the room. I never did
get those timings quite right!

You forgot to do the sacrifice first before praying, right?

I guess real prayer needs a High Level Language. They only taught us
BASIC on SE school.