> The page > http://support.intel.com/support/processors/pentium/ppiie/software.htm > contains comments from the main OS vendors on what they have done to > solve the problem. > > I can't beleive there are OS vendors like Sun, Novell, Microsoft, etc > that say that they are not affected by the bug because they require > user authentication to be able to run programs in the OS's, or that > they haven't heard of problems from their customers. Gosh!!! This is > unbelievable!!!
Why? I don't see anything strange/stupid in Microsoft's responce on the page you mention: On Win3.11/95, as far as I know, there isn't much difference between what we call "user" and "root", so any user can already lock the machine solid. That there is another 5-byte opcode that also does it, is rather irrelevant for Win3.11. And SunSoft's responce is quite "commercially right" too. Play down the importance of the problem as long as you can (i.e., until you have a patch). Anyway, I don't think there are too many people running SlowLaris on x86 machines, so the problem isn't that big for SunSoft. Oh, and I don't know enough about Novel's network operating system NetWare/IntranetWare. If it's only a "nework system", that doesn't allow execution of random bits of code, then what they say is true. Same holds for a Linux-2.0.31 Samba/NFS fileserver, you cannot crash that with the f00f bug either. -- joost witteveen, [EMAIL PROTECTED] Potentially offensive files, part 5: /dev/random. `head -c 4 /dev/random` may print 4-letter words (once every approx 4e8 tries). -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
