ally alter modern information security. I do not see how
any organization can believe itself to be adequately secured when the
simple ability to prove security measures are working, and quickly
determine the precise method of failure when they break down,
essentially does not exist today.
Sincere
icrosoft-signed ActiveX control.
But I could be mistaken, this is commentary from memory not experimental
result.
I'd much rather spend my time conducting security audits of Linux and trying
to help those companies threatened by SCO's copyright claims defend themselves
in court.
Jaso
s and some infosec
researchers derive income from such Vulnerability Reporting and Response
Process; but the economic interests of the few do not outweigh the interests
of the many. We've already been down that path, and the result is Microsoft.
Jason Coombs
[EMAIL PROTECTED]
-Original Me
ncouraged.
Sincerely,
Jason Coombs
[EMAIL PROTECTED]
-Original Message-
From: Craig Ozancin [mailto:[EMAIL PROTECTED] Behalf Of Sym
Security
Sent: Tuesday, June 24, 2003 7:09 AM
To: [EMAIL PROTECTED]
Subject: [Symantec Security Advisor] Symantec Security Check ActiveX
Buffer Overflo
ng ALL e-mail that originates from AOL because
of these very issues.
Sincerely,
Jason Coombs
[EMAIL PROTECTED]
--
A Report on SPAM Blackholes, Blocking/Filtering, and AOL
For the last month I have purposefully used AOL for SMTP server mail relay
in order to analyze the real-world impact of blackhol
-Original Message-
From: Jason Coombs [mailto:[EMAIL PROTECTED]
Sent: Sunday, February 16, 2003 10:31 AM
To: Bruce Schneier
Subject: RE: CRYPTO-GRAM, February 15, 2003
Aloha, Bruce.
This is in response to your Crypto-Gram discussion of the Sapphire/SQL
Slammer worm that struck
Domestic Security Enhancement Act of 2003, A.K.A. Patriot Act II, is
circulating in "discussion draft" form. It includes a requirement for
companies that use potentially dangerous chemicals to produce a "worst case
scenario" report which would be "obfuscated" to provide everyone with
increased secu
critical security upgrade away free to all licensed owners
of Windows NT/2000 as an apology of their own.
Sincerely,
Jason Coombs
[EMAIL PROTECTED]
ld be unnecessary because we would have the tools
and the information necessary to reign in our microprocessors and OS APIs.
Arbitrary malicious code can cause a CPU to do math, but it can't cause a
CPU to do harm unless it is able to communicate with or control a willing
victim (such as a device drive
uture that create far more hype
than would emphasizing the extreme possibilities for exploitation of each
vulnerability in the first place.
Besides, I thought our collective infosec goal was to prevent incidents, not
work together to prevent hype.
Jason Coombs
[EMAIL PROTECTED]
sting. Everything else is denied by default until we analyze its
origin and intended function."
Jason Coombs
[EMAIL PROTECTED]
-Original Message-
From: Michael Wojcik [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 05, 2003 10:43 PM
To: BugTraq
Cc: [EMAIL PROTECTED]; Nicholas Weaver
S
everity of security vulnerabilities, a practice that
misleads and misinforms.
Sincerely,
Jason Coombs
[EMAIL PROTECTED]
-Original Message-
Sent: Wednesday, February 05, 2003 4:10 PM
Subject: Microsoft Security Bulletin MS03-005: Unchecked Buffer in
Windows Redirector Could Allow Privilege Elevat
urce code and without losing binary
backwards compatibility. It is far better to build this countermeasure at
the source level.
This solution brings the essential security benefits of non-programmable
firmware-based embedded systems to our programmable computers and it is long
overdue.
Sincerely,
't allow compiled code to execute on your box unless it has been
authorized to execute in advance based on its hash code.
E. If code is vulnerable, don't use it.
Jason Coombs
[EMAIL PROTECTED]
lity agreements, and other impairments are superior in every
respect and in every instance thus far examined by this author.
Sincerely,
Jason Coombs
[EMAIL PROTECTED]
body, somewhere
might actually be thinking for a change. Unfortunate inconveniences aside,
anything actually *damaged* by Sapphire (in a physical/non-trivial sense of
the word) was too vulnerable for use in the first place.
Sincerely,
Jason Coombs
[EMAIL PROTECTED]
ently with Kerberos are also
an ongoing problem.
Sincerely,
Jason Coombs
[EMAIL PROTECTED]
-Original Message-
From: Arne Vidstrom [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 27, 2002 8:06 PM
To: [EMAIL PROTECTED]
Subject: Kerberos login sniffer and cracker for Windows 2000/XP
H
sion explicitly to
the FQDN. This would create a new need for a manageability interface to
allow administrators to configure appropriate DOM/FQDN permissions for large
install bases, of course... But that's another thread of discussion.
Sincerely,
Jason Coombs
[EMAIL PROTECTED]
-O
ress bound to the network interface whose \Device\ virtual name I entered
into the TransportBindName. Perhaps you can only disable port 445/SMB
entirely, there may be no way to disable it selectively.
However, port 1025 is still being bound by SYSTEM ... I have no idea why.
Sincerely,
Jason Coo
meline
whether or not Dave had any contact with Microsoft pursuant to 3.5.3 acting
in the role of Coordinator. Microsoft doesn't disagree that there is a bug,
but in the future you should infer that they don't fully comprehend it based
on the inadequacy of their Vendor Response. They ar
ost: header configured.
Sincerely,
Jason Coombs
[EMAIL PROTECTED]
-Original Message-
From: Thor Larholm [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 29, 2002 11:51 PM
To: Microsoft Security Response Center; [EMAIL PROTECTED]
Subject: RE: XWT Foundation Advisory
> From: Microsoft Se
21 matches
Mail list logo