-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Geoincidents wrote:
|> Exactly the point of full disclosure. If someone with a serious |> axe to | | grind would have stumbled onto the ASN.1 flaw before the Eeye | notice, it could have been an ELE* for MS and some major | corporations. | |> Let's see, unpatched ASN.1 + Flash Worm = ? | | | I think you seriously underestimate the hacking skills of eeye, | there are very few who could turn the bugs they find into full blow | root level exploits. | | Geo.
That's retarded. Immunity is releasing a universal, repeatable, lsass exploit in about 5 minutes to our CANVAS customers, for example, and we're sure everyone else is done as well. For bonus credit we're including a working ASN.1 exploit that owns IIS, Exchange, and everything else...
Dave Aitel Immunity, Inc. http://www.immunitysec.com/CANVAS/ "Have your hacking skills underestimated by random people on FD"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAfdtzzOrqAtg8JS8RAsXlAKCdC74SQ15A7/enDE5WUuJU8kmzWACglUGR LQ/bCax5wYlJEIw+3Oew370= =HS6z -----END PGP SIGNATURE-----
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html