From your blog:
While we know there's still a lot of cleaning up to do in their binary
planting closet, our research-oriented minds remain challenged to find new ways
of exploiting these critical bugs and bypassing new and old countermeasures. In
the end, it was our research that got the ball
Hi Thor,
Thank you very much for sharing your point of view. If Microsoft thought the same
though, they probably wouldn't be fixing these bugs. I suppose they don't understand
what security really is the same way we don't. ;-)
Regards,
Mitja
-Original Message-
From: Thor (Hammer
Hey Chris,
I bet Microsoft actually like stating they just fixed yet another severe bug.
Zero-day fixing is big business, you know - even if zero is past a few days.
I don't think Microsoft gains much from being able to say they fixed yet
another bug - maybe if it were a bug they found
I'm curious. Who is your contact at MSFT? Who is it that has told you they
have a Binary Planting Clean-up Mission and where do they mention you as
having anything to do with it?
If you are going to claim MSFT's actions as substantive to your agenda, how
about provide some details?
t
Hi Thor,
Microsoft is maintaining a list of binary planting bugs they've fixed here:
http://technet.microsoft.com/en-us/security/advisory/2269637
You will find our name in some of these advisories.
Calling the above effort a Binary Planting Clean-up Mission was merely a benign
poetic exercise,
Hi Adam,
I'm afraid you don't fully understand the issue. This is not about placing your own
DLL on a local machine so that a chosen application will load it (i.e., user
attacking an application on his own computer). It is about an application running
on your computer silently grabbing a
http://zeronights.org/request
Saint-Petersburg, Russia, 25th of November
The CFP consists of 2 steps
Participation requests for the first step are accepted until 20.09.11
The program committee's decision about the first part of speakers will be available
on 30.09.11
Participation requests admission
[DSECRG-11-032] SAP NetWeaver ipcpricing - information disclose
The com.sap.ipc.webapp.ipcpricing application has an information disclosure vulnerability
Digital Security Research Group [DSecRG] Advisory DSECRG-11-032 (Internal
DSecRG-00197)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
On Thu, Sep 15, 2011 at 7:11 PM, Michael Schmidt mschm...@drugstore.com wrote:
Someone’s just not reading the bulletins – Note the term “Remote” –
including webdav, so a share that could be fully controlled by the
exploiter. At least that is what I am understanding.
Updates released on