April 1 was two weeks ago, guys.
April 14, 2000 7:41 AM   Subscribe

April 1 was two weeks ago, guys. [I can't believe they could be so stupid.]
posted by Steven Den Beste (9 comments total)
 
No, this looks like it's real.

If not, RFP has certainly put a dent in his rep. The Journal certainly appears convinced, as does Russ Cooper from NTBugtraq (link not provided, securityfocus appears to be slashdotted right now).

Cheers,
-- jra
posted by baylink at 9:31 AM on April 14, 2000


In not-quite-related net shenanigan news, a smaller record company is attempting to sue Amazon and four other companies over their music-preview capacity.
posted by EngineBeak at 10:12 AM on April 14, 2000


That's the second suit against Amazon this week; the other one, delightfully enough, was a patent infringement stui.

How come you didn't put that up top, Beak?
posted by baylink at 10:17 AM on April 14, 2000


W-w-well, I didn't think it was worthy.
posted by EngineBeak at 10:20 AM on April 14, 2000


The interesting thing about this security hole is that Microsoft is telling people to "delete the 'dvwssr.dll' file" and everything should be fine. This begs the question: how many of the other files that Microsoft includes with their software are unnecessary and can be deleted?

"Oh, there's a bug in that file? Umm, just delete it."
posted by jkottke at 10:30 AM on April 14, 2000


"A security consultant known as "Rain Forest Puppy" notified Microsoft about the problem"

Don't you love this new world order?


posted by smackfu at 10:37 AM on April 14, 2000


According to some discussion on the NTBugTraq list, the actual security hole in Frontpage98 server extensions has nothing to do with the "Netscape engineers are weenies!" phrase. However, in finding the security hole, "Rain Forest Puppy" noticed the string. Apparently, that string (reversed) had been around in DLLs since 1995, and was used to obfuscate data being sent over a network connection (poor man's encryption?). Anyway, since the string used could be arbitrary, and this was before the real "browser wars" broke out, the choice of that particular string was just an unfortunate coincidence.

In other words, a security hole was found, and coincidentally in that same file was this very interesting character string no one had noticed before. Of course, I'm just telling you what I've been reading, and I don't know how sure anyone is of what the real story is. I trust the guys on NTBugTraq a bit more than News.com, though.
posted by daveadams at 10:56 AM on April 14, 2000


To be honest, this whole thing doesn't surprise me much. There has been a long standing debate as to whether or not Microsoft has left a back door in the NT registry. A duplicate security key has been the main focus of the debate with Microsoft offering a very vague defense as to why it is there.
posted by Popstar at 1:10 PM on April 14, 2000


Further to Jason's comment earlier - let's all compete to see how many files Windows doesn't actually need.

Just imagine how it would speed up an ailing OS.
I bet Microsoft's next response will be to do what they've been doing since 1991; just bolt another piece of code on rather than workaround the bug and ameliorate the application.
posted by williamtry at 10:24 AM on April 15, 2000


« Older Hard drives in PlayStations!   |   Wacky Packages! Newer »


This thread has been archived and is closed to new comments