of CodeRed.C, .D or .F -- most
likely CodeRed.F as that variant has the drop-dead date "fixed" such
that it will still run on machines with correctly set dates and we do
still see a few machines infected with it.
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 326
NSE's site is to add
"&flashstatus=true" or "&flashstatus=false" (the latter is probably
more generally preferable) to the end of its internal links, and that
this is readily achieved through the copy-and-paste functionality of
your operating system/environme
astly doesn't, so I guess we can all tell what
that means about iDEFENSE's business focus. (Read the above-linked
item for a more detailed explication of all this.)
Regards,
Nick FitzGerald
___
Full-Disclosure - We believe in it.
Chart
r that the bad guys will always find the stupid bugs (and
often the arcane ones) so there will always be ways for "new stuff" to
get where it shouldn't be, so default-deny, rather than default-allow
(as known virus scanning provides) is the only sensible approach.
would be easily adopted in place
of on-access virus scanning and would only ever need updating just
before standard maintenance procedures update/patch the contents of the
managed PCs or new functionality (apps) were to be installed.
--
Nick FitzGerald
illa
1.0 the bug is even worse in that once you've properly set
network.enableIDN to "false" and restarted Mozilla, about.config still
shows the value of network.enableIDN as "false", even though the
browser is now actually running with IDN su
icious code were all but
non-existent and the "it will never happen to me" attitude reigned...
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3267092
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
actively - but there's
> nothing other than sheer laziness which is preventing them from
> *pro*actively incorporating support for these types of archives into
> their software.
One thing that "prevents" them from adding such support is the scanning
overhead in the on demand s
re bugs it will have, it would seem that the more archive
formats a scanner can handle the buggier the scanner will be, so maybe
such tests do tell us something about the quality of the products --
the higher the score, the buggier the product will be...)
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3267092
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
h blanket
and clearly inappropriately general disclaimers or claims for special
privileged rights _negate_, or at least substantially weaken, all such
claims the company makes as the company clearly has no idea which of
its, or its employees', actions or which of its product
as a user-selectable option _AFTER_
they have chosen the digest option. If this option were made available
by the list admins _AND_ Brian chose it,, it would not affect your
copies of the list mail at all.
Regards,
Nick FitzGerald
___
Fu
admins need to update their version of
Mailman, as I seem to recall that earlier versions supported only the
non-MIME digest format...
Regards,
Nick FitzGerald
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
ty setting.
Sophos fixed its recently re-designed into scripting hell virus
description web pages following user complaints.
Shall we see if iDEFENSE can actually use "the power of intelligence"
it claims to be able to provide its customers and produce secu
two most recent "releases" of an OS,
thus when Gold and SP1 are the only versions, "all versions" are
supported, but once SP2 ships, the Gold release for that OS drops off
the supported list.
There is nothing new about this at all.
Regards,
Nick FitzGerald
unaware of
this, so it is little surprise that so much of the "Security
Initiative" talk, starting with Bill's infamous letter a couple of
years back, is seen as just so much more marketing and spin.
Regards,
Nick FitzGerald
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
ess "admins", P2P, etc, etc...
In short, without IRC I'd expect we'd be pretty much exactly where we
are anyway (save we would have had one less inane question to answer on
some mailing list).
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 35
Pal. This is an easy process and is
integrated in the program's installation. It's for a good cause, my
car broke down last week (on the 4th of November, 2004) and buying a
new car (read: used) is currently financially impossible for me.
Regard
name. There are three
known variants already.
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
n and do not provide any form of backdooring to the
system, whereas the spammers are much more actively involved in
"managing" the latter and can actively update/replace/supplement the
code running on them. Thus the latter are much more likely able to
avoid (or perhaps "su
ur
question to the whole list, it would have been obvious you were not a
moron, but simply someone new to such lists and interested in how
things work. In that case I'd have given you a much nicer reply...)
Regards,
Nick FitzGerald
___
Full-D
ences -- this is all from memory...).
So, has any really good, large-scale sampling of these issues been
done, perhaps by the large Email/anti-spam managed services folks??
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
___
Fu
that have, themselves,
been hacked and if all the ISP is up to doing is closing the apparently
rogue site/account, or simply removing the "offending content" the site
(and others similarly hosted on the still badly maintained servers)
remains open to further, similar abuse.
Regards,
Ni
canned and found "not infected").
In short, this virus has been widely detected since late July/early
August by almost all "Western" virus detection engines, so the OP's
report and concerns would seem more than a tad misdirected...
--
Nick FitzGerald
Computer Virus Co
ection.
> Please - can we take this OFF list now? Thanks.
Had you followed your own advice by not posting your inflammatorily
ignorant off-topic opinion, you would not have prompted this (and
other) followups...
Regards,
Nick FitzGerald
___
of something's non-virus/Trojan/whatever
status...
> Noam Rathaus
> CTO
> Beyond Security Ltd.
I take it that is "beyond" as in "outside"...
Regards,
Nick FitzGerald
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
ntless
Email is generally nowhere near as annoying as getting two of GuidoZ'
rubbish).
Regards,
Nick FitzGerald
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
vious pointed out to you,
you had to compound that by posting a wacky "justaficashun" of your
originally pointless message.
Regards,
Nick FitzGerald
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
.ZIP the OP received contains a new Glieder or Mitglieder
variant, which may mean a new, as yet undetected, Bagle variant is out
there or may be about to be released.
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
___
Full-Dis
uot; JPEGs -- it
seems you assume the JPG to PNG convertor will necessarily and
"correctly" deal with such invalid input. Do we really know that is a
valid assumption?
Regards,
Nick FitzGerald
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
ere's
> the fire?
8-)
The real question is...
If there are no "hoaxes" or undue media hype about this, will Rob claim
that his "warning" saved us from the devastation of the hypesters??
(Sorry Rob, couldn't resist...)
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
form of HTML-embedded scripts, scripting in third-
party interpreted languages such as are used in SWF, etc, etc).
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
man (NVC)<[EMAIL PROTECTED]>
Panda Software <[EMAIL PROTECTED]>
Sophos Plc. <[EMAIL PROTECTED]>
Symantec (Norton) <[EMAIL PROTECTED]>
Trend Micro (PC-cillin) <[EMAIL PROTECTE
much less nerdy, much less IT-
oriented general user population have for user education being a useful
part of the solution?
Regards,
Nick FitzGerald
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
gestions are
more likely. Of course, it may turn out in this case that they are not
the explanation, but based on a great deal of experience and the event
descriptions given, I'd say that those are the more likely of the
suggestions made to date.
Regards,
Nick FitzGerald
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
itive" NATO setting.
Neither deliberately progressively typed the text into a visible Word
document though, but that effect could be pretty easily achieved using
Word VBA macro features.)
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
tion (probably unconfigured) is one possibility, already
commonly mentioned.
Another -- does this user have a wireless (proprietary RF, Bluetooth)
keyboard?
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
___
Full-Disclosur
fully expect it
will come back as it will find insufficient dust between your ears to
settle in and grow...
McDonald
O'Connor
FitzGerald
Checkmate, DickHead...
Nick FitzGerald
___
Full-Disclosure - We believe in it.
Charter: http://
g your example, perhaps?
> Cheers,
> BUGTRAQ Security Systems
> "If Nick FitzGerald had a brain cell for every bug we tracked, ...
Again, I am rather fortunate to weigh in considerably on the upside of
that equation...
> ... he'd be
> smart and not an arrogant no-nothing lik
ng code-signing certs in Microsoft's name to non-MS folk.
Reassiging a major eBay domain to Joe Schmoe just because he filled in
a web form.
Is there anything in common here apart from incompetence and obvious
lack of trustworthiness of this company's core busi
not sure I can
publicly discuss it, and as it has a rather distinctive reporting style
for this type of thing, I've removed that entry from the list...
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
___
Full-Disclosure - We
;And world plus dog should entrust
[OP] with such material because???".
> > > There is always no need for aggressive statement of
> > > suspicion, which you are close to here.
> > > While I understand aggression due to anger, I
>
Sophos Plc. <[EMAIL PROTECTED]>
Symantec (Norton) <[EMAIL PROTECTED]>
Trend Micro (PC-cillin) <[EMAIL PROTECTED]>
(Trend may only accept files from users of its products)
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/
or use in a service of the
kind Virus Total offers anyway because it paints a rather disturbing
trust picture -- "You can trust me because I can run a virus
scanner...").
Regards,
Nick FitzGerald
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
ping a patch -- it took quite some time for
this one to get patched -- the "dumbness" would be that they used IE at
all...).
Regards,
Nick FitzGerald
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
st of what I do.
Regards,
Nick FitzGerald
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
MAIL PROTECTED],-21787
This KnowledgeBase article mentions precisely these file contents:
http://support.microsoft.com/?id=330132
but gives no indication of what may cause its appearance on your
system. The suggested "fix" is simply d
(after far too many months of keeping it under the blanket mind you),
so maybe it's time for MS to pull itself up to Mozilla's standard?
Given how evil open source is (just ask Bill and Ben^H^H^HSteve), I'm
sure MS would not want to be seen to be operating _below_ the standar
r utilize the
resouirces of the individual machines in a network, to perform
housekeeping tasks on said machines out of hours and so on, things went
awry and the project was abandoned. IIRC, that work was by Shoch &
Hupp at XEROX PARC in the early 80's and is widely cited in some
circle
Clairmont, Jan M wrote:
<>
> ... So
> what is the alternative?
>
> Go to a totally secure network computing system like the military?
Hahahahahahahahahahahahahaha...
...
Oh, you didn't think you were making a funny??
Re
I hope the HP folk have read it and thought very carefully about all
this... (Sadly the media reports are too "light and fluffy" to make
anything sensible of what HP is really proposing.)
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
t's a pity you didn't understand what you read then, as you have
presented no good arguments against the points I have now made several
times, and mostly you simply regurgitate the clue-free comments that
you have already made.
I am now very tired of repeating myself
break, at least for "high interest" viruses but
that is only a partial solution to the problem.
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
would clearly be detrimental to an
independent group of software developers.
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
hread -- as the only person
> > making a significant contribution who has more than half a clue about
> > how all this stuff works, what may be technically feasible, and what a
> > great deal of customer and industry history suggests ma
.. Despite that
though, in the real world, A. through E. is what actually happens and
very occasionally F. (actually, G. kind of happened too, though I've
taken a few liberties with the scenario...).
Sadly, despite us all knowing that A. through E. is "everyday reality"
many A
ase, please read _all_ the rest of thread -- as the only person
making a significant contribution who has more than half a clue about
how all this stuff works, what may be technically feasible, and what a
great deal of customer and industry history suggests may be acceptable,
answering the same misconceptions over and over is getting tiresome...)
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
that they stay ahead of the AV industry's detection of it...
> I hope you have your tinfoil hat firmly mounted and calibrated.
Screwed it up to make a play-toy for the dog years ago...
> Thanks for the links though. It's fun to see a poorly conceived
> gove
27;t seen any showstopper
examples of such things going horribly wrong for a decade or so now
(though that may simply mean today's VX'ers are lamer than those of
yesteryear...).
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
s going to suggest will come close to being useful
given the intellect, experience and AV smarts that have already gone
into trying to resolve this problem (or at least into considering what
could be made to work given how AV and viruses really work).
--
Nick FitzGerald
Compute
to be forgetting that a name is just a label and, alone,
imparts no identity information.
> Is that so hard?
Well, it would be if anyone was daft enough to try to do it as you
describe...
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
many AV companies' internal processes will
mean that "after the fact" renaming to achieve better consistency will
be easier than it is now and possibly more likely. However, those same
structural changes have the added benefit of allowing much better
"before the fact" na
bing the variant and/or shipping updated DAT/DEF/etc
files to detect it. A "solution" to the naming inconsistency problem
that is, say, 90% effective at this point in the process should have a
huge impact on the overall problem...
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/F
atabase of virus and other malware code. That will reduce
availability and damage from malware no end...
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
or the more complex platforms, but no-one has had the
time and funding, and the vendors don't have the motivation, to
investigate what may be possible and how effective such an approach
could be.
> Fear of the government labeling me a terrorist gives me pause though...
8-)
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
s that "much
better naming consistency really does matter" it can be made to work
with a few technical limitations and there are some moves afoot to
investigate the practicalities of this.
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
no-one
has wheeled out the hoary old chestnut of "Why not use something like
the hurricane/tropical storm naming scheme that has worked so well in
meteorology?" as it is replete with problems that are obviously
insoluble to anyone who understands anythi
le.AB", product developers may respond to naming
consensus requirements by simply reporting both as "Bagle" (though
internal to the product they will often still have to differentiate at
the a finer level for disinfection purposes).
> Sing with me Valdis
> "I
bout it "AV guys"? (I mean to be nice here...)
Other than a few voices wailing within the industry, there are some
much larger scale moves afoot that just may change the "there is not
sufficient external pressure" factor I mentioned above, though
realistically these moves may
and (generally) seen as having
very little, if any, market value, so few people expend much effort on
such renaming.
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
he Feds"...
Regards,
Nick FitzGerald
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
pskate" ... whilst I can agree that they might
> not want to provide tech support to users of their free scanner, does
> anyone have an email address at grisoft for submitting suspicious items
> that have got past their proxy scanner?
Yes but you'll have to contact me off-lis
re-related purposes besides self-mailing could be tied into such
behaviour, so not seeing MX requests does not mean that this type of
explanation is incorrect...
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
that opens the gate
to the fool's paradise.
There are plenty of such key-holders at MS but shouldn't Mozilla
developers be above that?
I know it's a hard marketing battle to win when your competitor is the
800lb gorilla _AND_ they do all the stupid dirty tricks as well, but i
guess what the moron really meant" is a recipe for being
screwed, so let's get over the previous "need" to "see it at all cost"
and get some sense back into what folk are doing...
Regards,
Nick FitzGerald
___
Full-Disclo
;
list. But, whatever the reason, did anyone at Microsoft give two
milliseconds of thought to the security (or other) consequences of that
design decision? I seriously doubt it and I'm sure I'm far from alone
in that...
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
uldn't eWeek's "Security Center Editor" be able to do the same?
Regards,
Nick FitzGerald
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
lexity such an approach
entails. In general, complexity is natural enemy of security because
"the devil is in the details" and when you have unbounded, featuritis-
driven complexity you get unmanageable layers of complexity hiding ever
more such layers. Stripping some of those layer
nd unknowingly have their overall
security lowered, and many vulnerabilities re-introduced to their
systems, by installing the "patches" offerred by their vendors "to fix
XP SP2 incompatibilities".
Regards,
Nick FitzGerald
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
o what if 40,000 morons decided to use something
tha MS previously hyped as "the next big thing" -- if its not good
security practice the softies are supposed to replace it with something
that is.
...
Of course, until the first version of IE that cannot support ActiveX
ships as a
ript in Explorer sees the script "execute" just fine. Of course, if
the decision of whether to execute the contents of a script is left up
to the interpreter, the flaw here is as much in the interpreter as
anywhere -- there are obvious parallels with NetWare's "e
rt-form writing "generic" shellcode that
is as small as possible so it can be used in as many (PoC) exploits as
possible. And smaller == better if you are dealing with tight buffer
overflows with only a few dozen bytes of reliable overflow space to
stash your payload, so very
ccept there is a modest
probability of that happening, how long do you have to live like that
before deciding that sidestepping most of these problems really is a
better alternative? A few months? A few years?
Both those timeframes have expired...
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
s to do such rendering) from their
systems.
In short, it seems CERT has joined the ranks of those who feel that
hoping MS will properly fix IE is a lost cause, or at least leaves you
exposed to generally unacceptable threats too often and for too long.
--
Nick
overwrite wmplayer.exe
> require the same privilege level.
Of course, this is the where the extreme security-awareness of your
typical XP Home comes to the fore...
> The real fault in this case most definitely does belong with Microsoft (few
> will argue that, and none will persua
actually the
very smallest of computer errors. I said "What a difference a char
makes..." in my Subject: line, but this is really just a single bit
error, as "%" is 0x25 and "&" 0x26.
Would it be too unkind to conclude that MS doesn't care one bit abou
in 21 Days" book...
Dude -- you mean that's _NOT_ the way we are supposed to do it??
Hell, it worked so well at University too...
Regards,
Nick FitzGerald
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
s or the
BHO method of "injecting" themselves into Explorer...
If you tell us the URL you got it from someone who can spell "clue" may
spend two minutes working it out for you though...
Regards,
Nick FitzGerald
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
re are many other fora
around the web for discussing "whose antivirus is best" type issues...
Please, no-one else reply to this _on list_.
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
___
Full-Disclosure -
V, Panda and ClamAV) missed detecting it as "AntiQFX"
or something very similar...
Regards,
Nick FitzGerald
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
y representative
hankering for some media exposure over-selling the seriousness or
novelty of what they "discovered"...
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
"Peter Kruse" <[EMAIL PROTECTED]> wrote:
> This is a heads up.
Or...
PANIC, PANIC, PANIC...
> A new malware has been reported from several sources so it appears to be
> fairly widespread already.
>
> The malware spreads from infected IIS servers to clients that visit the
> webpage of the infec
law schools need to introduce a new course: "Software
architecture priciples for Lawyers" ??
Regards,
Nick FitzGerald
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
ijacked machine as spambot phenomenon. We
> already have MX records for SMTP, but a lot of providers use different
> machines to receive (via SMTP) and send mail (POST). So, maybe a new DNS
> record is introduced for POST. Your machine(s) could do both or not. When
> your server goes
ng those MS "acquired" from
RAV or who have joined MS from other AV developers subsequently (not
that they haven't got some very good reversers, just there are still an
awful ot of them elsewhere), I doubt even MS is stupid enough to
consider trying something like this.
--
Nick
omeless windows and so on...
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
fooled
as to show themselves by simply moving the Address bar, and these have
reputedly already been used in some phishing scams -- see commentary in
Drew's archived posts, linked above.)
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
_
tation???
At the outset of the Security Initiative the skeptics largely said
"it's a marketing ploy", but its defenders said "it will take time for
the real results to be seen". As the weeks turned into months and now
years and little has been seen to have improved (and some very public
things to have gone backwards), it seems increasingly that the skeptics
may have been right...
Regards,
Nick FitzGerald
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
S can cope with and the problem is computationally
intractible (ala Turing) so cannot be fixed by throwing more technology
at it. As it is incredibly unlikely the whole morass of Windows code
will be ditched and re-written intelligently from scratch, I am quite
confident in this prediction.
Regards,
Nick FitzGerald
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
ely, in this case the necessary information is quite likely
unavailable to the OP and what is available to him may be difficult to
easily get. As a result I Emailed him directly asking for some
specific infoirmation. If he replies I'll have a better idea wher
en less helpful.
Next time you want to help, try S'ing TFU and letting folk who know
what they are doing have a go, eh?
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
1 - 100 of 375 matches
Mail list logo