At 05:01 AM 2/11/2004, Eveline wrote: >I don't know if you have heard, but Microsoft already knew about this >issue, 6 months ago.... The >security company which discovered the problem, had to promise Microsoft >not to go public with this >until they had a solution..... > >Nice practises, isn't it...... Yup - read that. Such a delay just makes it even more important to patch immediately. If someone found the hole 6 months ago and you take into consideration the number of people pounding on the OS looking for hole - someone (or several someone's) are bound to discover the hole independently and they might not be working for the good guys. There are real zero-day* exploits floating around out there, if you own/manager/admin a server no matter what the OS you have to keep up with the patches. And keep an ear to the ground on non-public security holes. Of course you also need to practice safe hex and minimize the access points in your machine by turning off all non-essential services. * A Zero-Day exploit is an unknown/non-public security hole that is being used by crackers to gain access to machines. http://netsecurity.about.com/library/weekly/aa031903a.htm --- Anthony Baratta President Keyboard Jockeys "Conformity is the refuge of the unimaginative."