“Microsoft Corp. said yesterday that the Secure Sockets Layer (SSL) flaw recently uncovered by an independent researcher is in multiple versions of the Windows operating system, not its Internet Explorer Web browser. Company officials added that the flaw isn’t in Microsoft’s CryptoAPI application program interface (CAPI) either, which would have left a number of applications and Windows services vulnerable, not just Internet Explorer.” Read the report at ComputerWorld.
Microsoft: SSL Flaw is in Operating System, not in Web Browser
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
thats gotta hurt.
“It’s in the crypto of the operating system, so we have to patch the OS”
“IE is a consumer of those crypto services”
Last sentence….. “the SSL flaw doesn’t affect any other application outside Internet Explorer”
With this design, they now have to patch four or five OS’s for a service that only one application uses? Me wonders if that last quote is totally accurate
They probably have something like SSL in the kernel that’s only used by one program (Internet Explorer) so they can continue to claim IE is integrated into the OS.
The more apps they make a part of the OS the more problems they’ll have like this, I imagine.
Ah, they are just trying to make everyone believe they are the great innovators – again.
I think this is just a good sign that it time for the majority of computer users to hang up the windows OS. Mac and Linux systems have they’re own vulnerabilities yes, but at least when someone calls them on it, there is usually never any kind of “defensive” behavior as there is with you know who. Anyway, if i could just get my modem to work in Linux, it would be bye bye Windows for the most part.
you have to remember that most people could give a rats @$$ about this flaw. Security is one of the low priorities on most peoples mind. Also i don’t think this is some earth shattering thing. Things have flaws it happens. Probably nothing bad will ever come of this. And MS in time will have a fix out.
At the same time you talk of this cause people to toss windows you make a perfect point why people won’t be switching anytime soon. You can’t get your modem working. No normal person will put up with any extra effort involved in getting something working. In your case it sounds like you are big into ditching windows but don’t because of your modem. All you have to do it buy a new modem and your “free”. So you your self show how your not to eger to leave windows behind.
Bugs and such like this won’t stop people from using windows nor will they care. It will take an earth shattering thing to make people think about changing and then the probable won’t. Untill it’s discovered that using windows Will kill you, or MS is going to require brain implants even if you don’t use windows. People will use it. If there is some app they use it doesn’t matter if someone has come up with something that is the same in everyway many will want what they use now. The only way around this is to have something truely revolutionary to make people want to switch, Linux and bascily no other OS has this, BeOS was the closest thing and in all reality it was nothing earthshattering over windows.
>With this design, they now have to patch four or five OS’s for a service that only one application uses? >Me wonders if that last quote is totally accurate
It could be IE uses some undocumented API to the SSL lib, but that can’t be for MS tells us such tings as undockumeted APIs don’t exist:)
On one hand I can understand with having your encryption algorithms built into the operating system so you wouldn’t have to update every program individually. What bothers me is that Microsoft has been on this security first kick for almost a year now, looking at and reviewing code — however — the first place I would look for security problems would be the logic in which my security protocols. I don’t know I guess it is just me. Perhaps when they said security they meant reliability and they just got those two mixed up. But cutting them some slack, programmers can’t catch every mistake. And I doubt I have written 100% bug free software. Windows is an okay OS, however I really want to try the Mac OS X. I want to see what is all the hype about.
I’ve been using Linux since early 1998 and I’ve never had any problems with getting my (real) modems (when I used a modem) working. I’ve had great success out of the box (or downloaded ISO’s) with SuSE, RedHat and Mandrake for quite some time. The problem is more than likely with your modem. My notebook computer has a cheesy WinModem, and I’ve never had it come up working, but at the price of PCMCIA combo modem/NIC’s, it was no big deal.
Advice: Buy a real modem.
[i]”Untill it’s discovered that using windows Will kill you”</>
Note that the Windows XP EULA has language that excludes Microsoft from liability when this occurs. Hmm….
RE:Time to switch?
Okay, so you want to get a real operating system? Plunk down $80.00 and get a real modem to go with it. Regardless of the OS, Winmodems offload work to the CPU so the hardware manufacturer could save a buck or two.
I think most of us knew that there are plenty of flaws with the OS.
This just adds fuel to the fire.