A new vulnerability has just been found in Mono. This one is funny:
Vulnerability reported by Redhat.
Is that a technical vulnerability only, or also a legal one? Either way, Fedora 10 has no Mono in the Live CD. It’s not there anymore.
Nominum Solves Kaminsky Attack, and Novell’s iPrint Open to Attack, Say Researchers. What do these stories have in common? I was thinking perhaps institutionalized delusional thinking and incompetence, but maybe I’m being too harsh.
Lest anyone think I am being too mean to poor old defenseless Novell and Microsoft, I recall ActiveX security advisories almost from its inception back in 1996 or so. What has changed since then, twelve years later? Nothing, as this random recent security bulletin shows:
“Microsoft has released Security Advisory (955179) to describe attacks on a vulnerability in the Microsoft Office Snapshot Viewer ActiveX control. Because no fix is currently available for this vulnerability, please see the Security Advisory and US-CERT Vulnerability Note VU#837785 for workarounds.”
So we need to revise the popular “fool me once” saying:
Fool me once, shame on you
Fool me twice, shame on me
Fool me thousands of times over many years…let’s get married!”
Now why is it again that corporate participation is important to FOSS?
When will Novell finally start thinking for itself? It already supports Windows Vista , Internet Explorer, ActiveX, .NET, and XAML (Silverlight). It only helps in spreading the problems and everyone suffers as a result, except Microsoft. █
“Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system…”
–Dennis Fisher, August 7th, 2008