ghost_rider

My Feedback: (20)

The following was posted by the RCAdmin in the moderator’s forum. I wanted to post it here also to help dispel all the rumors going on about the recent RCU down time.


Here is another link to Forbes for those that want to read more about this hack going on.
http://www.forbes.com/technology/200..._0428hack.html

rhklenke

My Feedback: (24)

... and the typical Microsoft responce - "its not our problem, users are dumb..." [:'(]

acw

My Feedback: (1)

Actually, in this case, SQL injections are caused by poor use of Microsoft's software layer. I suspect the message board software is at fault.

It is good to have RCU back!

Arnaud

scaleMan

My Feedback: (92)

users are dumb....

saramos

Yea, look at the spelling of response!

ianober

My Feedback: (12)

Agree entirely I deal with "users" all day long and you wouldn't believe some of the s**t I come across on a daily basis.

rhklenke

My Feedback: (24)

Nice! I habitually misspell that word, so I rarely worry about it - especially in a forum that doesn't have an on-line spell checker. BTW, if you want to compare technical skills, background, or general IQ anytime, just let me know.

So, 500,000+ sites use Microsoft software that has an exploitable hole that Microsoft knew about but didn’t put any provision for checking or warning users about, but its not Microsoft’s fault?!? Typical, but I guess all the users were so thrilled that their crap worked at all that they just forgave them…

k_sonn

My Feedback: (32)

Wow. Blaming Microsoft is like blaming a car manufacture when someone gets in a wreck because they didn't apply the brakes. This attack was a SQL injection attack. If you don't know what that means, look it up. This attack is attributed to lazy developers not taking the proper security precautions, allowing hackers to submit bogus database queries. And by the way, it wasn't 500,000 web sites that was attacked but rather, 500,000 web pages (a web site can have more than one page).

[link=http://blogs.computerworld.com/is_microsoft_at_fault_for_web_site_crackin_spree]http://blogs.computerworld.com/is_microsoft_at_fault_for_web_site_crackin_spree[/link]

Kirk

scaleMan

My Feedback: (92)

don't fret, we all know your the smartest...

rhklenke

My Feedback: (24)

That's not a very good analogy - it’s more like blaming a car manufacturer for making a set of brakes that sometimes doesn't work and not telling you. Read your own link, even that guy doesn't think Microsoft is blameless. Typical Microsoft quality control - "let's see how many horses get out of the barn before we decide of the door needs to be closed... or if there is even door at all - maybe the roof will cave in before it becomes a problem anyway..."

I didn't say that. I also didn't say that somebody else was the dumbest because they didn't answer in complete sentences, they used “your” instead of “you’re” or didn’t capitalize the first letter of a sentence – none are apropos to the discussion...

Bob

k_sonn

My Feedback: (32)

I've been a software development project manager in this business for a long time. Responsible development companies know that stopping SQL injection attacks is the responsibility of the developer not the responsibility of the software manufacture. It's that simple.

Kirk

scaleMan

My Feedback: (92)

I was just making a point about how obnoxious your comment was.... take a chill pill buddy, being wrong isn't all that bad... take it like a man!

rhklenke

My Feedback: (24)

Time to put this discussion in /dev/pinheads ...

saramos

I made my comment more in ironic jest. I should have added an appropriate smiley. I even considered misspelling spelling.

Actually, I think both points are valid. Users are often lazy, and businesses like Microsoft are often reluctant to reveal problems to their customers.

btw, I found a small freeware app called iespell that adds a button to the IE toolbar to check spelling.
http://www.iespell.com/

Scott