Shostack + Friends Blog Archive



So Microsoft has released XP2 on a CD. I’m not currently running any Windows machines, but I figure hey, this is an important patch, and I should be able to foist it on people. So I go to Microsoft’s Order a CD site. I am curious to see what else the CD might contain.
A few notes:
1) This site requires that you turn on Javascript for it to work.
2) The digital certificate presented for encryption is one from Microsoft that is in IE, but not say, Safari.
3) The site asks for your phone number and email. How they’ll be used is not made clear in their privacy policy. I lied to them. (Sorry folks!)
No, I’m not volunteering to fix their computers when they break, but I wasn’t volunteering to fix their computers after they’re broken into, either. I do know that installing this patch will make you substantially safer, and suggest that your total non-productive time from both security issues and debugging will be lower after this. So backup and install off the net. And order a CD in case you need to re-install your OS.

2 comments on "XP SP2"

  • dbs says:

    Is Javascript -really- a security hole anymore? It was (quite deservedly so) the bane of any security geeks existence 4 years ago, but there are far more brutal ways to attack a machine than via javascript nowadays, yes?
    I had catalogged Javascript as “as safe or unsafe as surfing the web with just HTML” – which can also lead to compromises, but is disabling Javascript actually a win?

  • Lisa says:

    I’ve got that on my box now. The anti-virus software they have us using at work won’t run anymore. So I called and got the “this is an unsupported SP – for developers only”. Goobers.

Comments are closed.