It was a case of bad formatting. All fixed.
You can absolutely volunteer to be a fixer-upper editor. Email sean at codeproject.com and he'll put you through a gruelling test ("you want to help editing? Great - here are the keys")
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP
|
Done.
|
It seems to be pretty original content, since Google and Bing don't return any other hits on this particular exploit.
If it's genuine, then it's certainly concerning that there's such a loophole. If so the article should not only remain but it should be voted up into noticeable prominence so it gains enough visibility for someone at Microsoft to take a look into the issue.
|
An alternative could be to send it to MS right away (and the software security providers such as McAfee), and maybe quarantine it here for a week or more, before making it public. We might not want to become a front-line resource for malware authors, that is what I was thinking.
|
Luc Pattyn wrote: We might not want to become a front-line resource for malware authors, that is what I was thinking.
I agree. Also, his choice of username is not particularly comforting and while it might be a stereotype his profile-country is one that's well known for many such exploits.
|
I certainly agree that a quarantine on this article would be wise considering the content.
The fact that this is a brand new user with an interesting choice in username just reinforces my thoughts on this.
I wasn't, now I am, then I won't be anymore.
|
MS are aware of this issue and are investigating
But yes, I agree, CP does not want to become a hunting ground for this type of content, otherwise it will start being blocked by the corporations and it will ruin the party for everyone.
I would prefer to see the article pulled, no matter how good it is. If we as a community do not even tolerate people discussing how to break captcha robots, then surely privilege escalation is worse!
|
From an article standpoint, I thought it very good one. The author provided well explained code and a good proof of concept example. The fact that it represents a security exploit leaves me not feeling good, but the only way to get them fixed is to educate people about the existence of these exploits. The article hits that nail squarely on the head.
Chris Meech
I am Canadian. [heard in a local bar]
In theory there is no difference between theory and practice. In practice there is. [Yogi Berra]
posting about Crystal Reports here is like discussing gay marriage on a catholic church’s website.[Nishant Sivakumar]
|
If the article was describing a patched vulnerability I'd be much less concerned (the curious could create a vulnerable VM for the purpose). Publishing a zeroday exploit without proof that the software authors are willfully refusing to fix it is negligent at best.
3x12=36
2x12=24
1x12=12
0x12=18
|
Dan Neely wrote: Publishing a zeroday exploit without proof that the software authors are willfully refusing to fix it is negligent at best.
I'm not sure that I agree with the author having to provide the proof. The author is not responsible for the action or inaction of Microsoft. To me, his proof is limited to only a working example of the exploit itself. At this stage it is up to Microsoft to either confirm or deny it as an exploit and if so, whether they are doing anything about it.
Chris Meech
I am Canadian. [heard in a local bar]
In theory there is no difference between theory and practice. In practice there is. [Yogi Berra]
posting about Crystal Reports here is like discussing gay marriage on a catholic church’s website.[Nishant Sivakumar]
|
I love open sharing of information but it must show a certain degree of responsibility.
I've suspended the article for now and have contacted Microsoft. I am hoping we can have the article back up soon.
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP
|
Good use of ethics. Sadly, some people have already seen the article and seem interested in trying it out. On the other hand, yay go CP authors.
|
I was late to the party and missed this one
I'm not interested in using the exploit but it's good to know about them.
|
Good call, Chris.
I wasn't, now I am, then I won't be anymore.
|
Was it just me, or was the CodeProject website down for the last 5 min... earlier I was unable to post an answer and then the website itself was not opening!
|
Same problem, site didn't load for the last 5 min or so.
So no, it wasn't just you
|
I thought that too...
nearly had to partake in real work
As barmey as a sack of badgers
Dude, if I knew what I was doing in life, I'd be rich, retired, dating a supermodel and laughing at the rest of you from the sidelines.
|
Must have been serious!
------------------------------------
I will never again mention that I was the poster of the One Millionth Lounge Post, nor that it was complete drivel. Dalek Dave
CCC League Table Link
CCC Link
|
We added a new server to the cluster - something we've done a million times before - and for some reason it caused the others to go nutso. It was removed, the others settled down.
Antisocial bunch...
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP
|
Nothing happens when I click on the links on the following page:
http://www.codeproject.com/script/Articles/BlogFeedList.aspx
I use Google Chrome if that changes anything.
|
Looking into this now
Sincerely,
Elina
Life is great!!!
Enjoy every moment of it!