Proverbs, aphorisms, quotations (English) | by Linux fortune |
Under capitalism, man exploits man. Under communism, it's just the opposite. -- J.K. Galbraith | |
Security Holes Found In Microsoft Easter Eggs REDMOND, WA -- It's damage control time for the Microsoft Marketing Machine. Not only have exploits been found in IE, Outlook, and even the Dancing Paper Clip, but now holes have been uncovered in Excel's Flight Simulator and Word's pinball game. "If you enter Excel 97's flight simulator and then hit the F1, X, and SysRq keys while reading a file from Drive A:, you automatically gain Administrator rights on Windows NT," explained the security expert who first discovered the problem. "And that's just the tip of the iceberg." Office 97 and 2000 both contain two hidden DLLs, billrulez.dll and eastereggs.dll, that are marked as "Safe for scripting" but are not. Arbitrary Visual BASIC code can be executed using these files. More disturbing, however, are the undocumented API calls "ChangeAllPasswordsToDefault", "OpenBackDoor", "InitiateBlueScreenNow", and "UploadRegistryToMicrosoft" within easter~1.dll. Microsoft spokesdroids have already hailed the problem as "an insignificant byproduct of Microsoft innovation." | |
Look Out! It's Microsoft Outlook An old maxim in the Unix community states, "All programs expand until they can read mail... except Microsoft Outlook." Well, that's no longer true. By taking advantage of loopholes in several undocumented APIs, a team of geeks were able to transform Outlook from a virus-delivery system into an actual mail client. "It was quite a feat to accomplish this," said one of the geeks. "I mean, the rat's nest that is the Windows API can be used to frighten small children... or adults. And the frequency by which Outlook exploits are discovered is directly proportional to the number of times Bill Gates uses the word 'innovation'. But this is the first time somebody has discovered a beneficial exploit." Microsoft has vowed to release a patch to fix the uncovered security flaws. "We simply cannot tolerate unauthorized reverse engineering and hacking of our innovative solutions. Our Security Response Team will pull an all-nighter to eliminate these known issues." |