Flutterby™! : MS/TCP

Next unread comment / Catchup all unread comments User Account Info | Logout | XML/Pilot/etc versions | Long version (with comments) | Weblog archives | Site Map | | Browse Topics


2001-08-02 22:11:30+00 by Dan Lyke 1 comments

Via Backup Brain, Cringely asks if we're going to see The Death of TCP/IP as Microsoft prepares to release some potentially big problems with socket exposure in Windows XP. I've been responding to SirCam messages with "Due to design flaws inherent in Microsoft products, you may have just sent me sensitive business information" (yes, a slight overstatement, it's really user stupidity, but design flaws compound that), and I propose that to prevent further spread of Code Red that we urge anyone running IIS turn off their server by clipping the power cord with scissors. This will solve both problems.

[ related topics: Microsoft moron ]

comments in ascending chronological order (reverse):

#Comment made: 2002-02-21 05:32:24+00 by: Dan Lyke

Rafe ponted to Karl Auerbach's refutation, which misses the point of the problem. The issue is not that a trusted user on a trusted machine can do IP spoofing, the issue is that given the propensity for Windows users to do stupid things, allowing user programs to do these things is asking for yet another emailed executable that can do these things.

And yes, I remember REXX remailers too, the infamous christmas tree one. We should be making code that only the user has authorized be running in more restrictive spaces, not less.