Bonum Certa Men Certa
Gnote Can Save GNOME from Mono | From MSODF to MSPDF?

Reader's Article: Does Microsoft Create Security FUD Against Rivals?

"Working behind the scenes to orchestrate "independent" praise of our technology, and damnation of the enemy's, is a key evangelism function during the Slog. "Independent" analyst's report should be issued, praising your technology and damning the competitors (or ignoring them). "Independent" consultants should write columns and articles, give conference presentations and moderate stacked panels, all on our behalf (and setting them up as experts in the new technology, available for just $200/hour). "Independent" academic sources should be cultivated and quoted (and research money granted). "Independent" courseware providers should start profiting from their early involvement in our technology. Every possible source of leverage should be sought and turned to our advantage."

--Microsoft, internal document [PDF]



Reader's summary: Microsoft first to fix pool overruns vulnerability, or is it?

Microsoft invents a 'fix' for some bogus security bug and 'Independent Security Evaluator' heaps praise on Microsoft and talks up the 'vulnerability' in Mac OS X and GNU/Linux.



The article is a little short on any actual details of the exploit. I thought 'Safe unlinking' of 'doubly linked lists' was de regur on any information processing system.

“The article is a little short on any actual details of the exploit.”I hadn't heard the term before, and I do try and keep up. Are there any actual examples of 'pool overruns', in the public domain, that can be successfully run on Mac OS X and GNU/Linux?

To quote: "Independent Security Evaluators has successfully exploited weaknesses in Windows, OS X and Linux. "I think they're trying to stay ahead of the curve" [...] This simple check blocks the most common exploit technique for pool overruns"

Where and how did Microsoft come out with a fix so quickly and why not design a MMU that isn't vulnerable to 'pool overruns' rather than having to check for them, after the fact, so to speak?

To quote again: “It doesn't mean pool overruns are impossible to exploit, but it significantly increases the work for an attacker

Comments

Gnote Can Save GNOME from Mono | From MSODF to MSPDF?

Recent Techrights' Posts

Microsoft XBox Layoffs: Almost 2,000 Layoffs Became "Over 2,000"? (Over 20% of the Staff)
over 20% of staff will be let go, not counting staff that leaves voluntarily
Summer Plans in Techrights and Elsewhere
massive layoffs at Microsoft
 
EPO Presentation Bemoans Misuse of Slop in Decision-Making on Patents and in Classification (Which is Likely Illegal Too)
We habitually mention failed use cases of LLMs on the Web
Mass Layoffs at Microsoft Confirmed, "XBox Hardware Is Dead"
It's possible that over 20% of the staff will be laid off
Links 30/06/2025: Kyrgyzstan vs Media Freedom, Dalai Lama Succession
Links for the day
Gemini Links 30/06/2025: Backend Programs in Gemini and Dynamic Content Without The Scripting
Links for the day
Links 30/06/2025: Zuckerberg’s Tax-Evading Scheme Harms Kids, US Copyright Office Lacks Leadership
Links for the day
Microsoft Isn't Laying Off Tens of Thousands to 'Invest' in Slop ('Hey Hi'), It's Laying Off Tens of Thousands Because It's Running Out of Money (and Willing Lenders)
the layoffs are a sign of the business failing, not "hey hi" (whatever that is) replacing staff
Intel Lays Off 20% of Its Workforce, Microsoft is Doing the Same This Year
Like a yoyo, whatever goes up will come back down
GNU/Linux Rises to New Highs in Angola, Africa in General is Abandoning Windows
Western media barely covers Microsoft layoffs in Africa, but in recent years Microsoft culled the workforce and even shut down entire operations
Destination Geminispace (in the Age of LLM Slop and Slop Images That Infest the Web and Social Control Media)
Geminispace isn't vast, but at least it is - on average - a lot "cleaner"
GNU/Linux Growing in Sierra Leone This Year
Based on what statCounter is seeing, this year there are more and more people there who adopt GNU/Linux
Serial Sloppers Gonna Slop
More sites out there ought to call out the cheaters
Quartz (qz.com) is Spam and a Slopfarm
It used to be OK. Then they fired the staff.
Links 30/06/2025: US Economic Woes, Extreme Heat
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, June 29, 2025
IRC logs for Sunday, June 29, 2025
Gemini Links 30/06/2025: "The AI Hype" and New AuraGem Ask
Links for the day
Our Desktops Are Not Your Experiments, X is Not an Experiment
Breaking what already worked
Microsoft's Big Lies Regarding This Week's Mass Layoffs Have Already Begun (and They're Already Being Spread by Slopfarms)
Microsoft is the "market leader" in slop
Explaining the Full Story of SLAPPs From Microsoft Staff
For every action there is a reaction, for every attack there will be proportionate consequences
The Openwashing Shills Initiative (OSI) - Part III: IRS and Status of OSI
"They lied to the US IRS and there’s a paper trail"
IBM Red Hat's Dogmatic Fanaticism Under a Thin Veil of "Modernism"
IBM now has the audacity to paint people who don't agree as "nazis"
Microsoft's Share in Guatemala Fell From 97% to 14%
Eventually Microsoft will get stuck in a loop of layoffs, layoffs, and more layoffs
They Made Technology Scary and Taught Us That It's Innocent, Friendly, Even "Social"
Rejection of all this "apps" and "gadgets" and "Smart" (whatever that means!) status quo isn't a rejection of society
The Media is Under Attacks Partly Because There's Little Other (Remaining) Press to Speak in Its Defence
The biggest danger here is that when there's very little press or no "opposition media" left it becomes even easier to crush critics because there aren't many people left to speak about the matter
If Your Web Site is Run by Bots, Eventually Nobody Will 'Read' It Except Bots (People Don't Want to Read Slop)
Eventually people learn from mistakes
Links 29/06/2025: Microsoft Releases False/Fake Benchmarks, "Google Wants You to Watch Ads or Take Surveys to Read Articles"
Links for the day
Links 29/06/2025: Data Breaches and Online Censorship
Links for the day
Gemini Links 29/06/2025: "The Price Of Eggs" and Gemini 3D Tic Tac Toe
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, June 28, 2025
IRC logs for Saturday, June 28, 2025
The "News" You Saw About Canonical is Misleading, It Made Only 18 Million Dollars Last Year and Barely Paid Any Taxes
Lies are the norm these days...
Pushing Wayland Using Straw Man Arguments
phoronix.com has long promoted the talking point of "Wayland people" (for at least a decade already)
Australia: Windows Fell to All-Time Low, Even Lower Than iOS
There's a good reason why next week there will be so many Microsoft layoffs
Slopwatch: Linuxsecurity, WebProNews, and Google News Boosting Slopfarms as 'News'
People who don't recognise the slopfarms and don't know which sites are fake would struggle to understand what's really going on
Links 28/06/2025: Hardware/GPU Wars, GAFAM Throws Money (Borrowed Cash) at Hopeless Slop Pipe Dream
Links for the day
Gemini Links 28/06/2025: Shellshock and Network UPS Tools
Links for the day
Links 28/06/2025: The Age of Integrity and FreeBSD Foundation Added John Baldwin as Board Member
Links for the day
Fedora 44
IBM now does to Fedora what it did to RHEL
Microsoft Already Shaved Off Costs Anywhere It Could. It Was Not Enough.
Office and Windows aren't "selling" (licences) like they used to
Scheduled Maintenance Next Week
Our community is alive and well
BetaNews: We're Publishing LLM Slop About LLM Slop
Beta version of a slopfarm?
3-Month Updates on Our Complaint to the Solicitors Regulation Authority (SRA)
In short, the complaint remains open, updated, and is advancing
IBM Red States Hat (Project 2025): Our "New Thing" Replaces This "Old Thing"
The new replaces the old. That's how IBM frames it.
Start X
Just because something is old does not mean it is bad
Slopwatch: Linuxsecurity, Google News Slopfarms, and Linux Journal (LJ)
Today we take a quick look at 3 slopfarms
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, June 27, 2025
IRC logs for Friday, June 27, 2025
Links 28/06/2025: "CC Signals" Virtue-Signals to Slop Ponzi Schemes, North Korea Aims for Tourism
Links for the day