RE: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-16 Thread Aditya, ALD [Aditya Lalit Deshmukh]
address book. Clearly the motivation is there, the flaws are there, it's the skill set that is missing. skills can be acquired by the motivated given the time and resources, so guess the lack of the motivation is the root cause -aditya

Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-15 Thread Hugh Mann
From: Geoincidents [EMAIL PROTECTED] That's retarded. Immunity is releasing a universal, repeatable, lsass exploit in about 5 minutes to our CANVAS customers, for example, and we're sure everyone else is done as well. For bonus credit we're including a working ASN.1 exploit that owns IIS,

Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-15 Thread Geoincidents
I can see that you don't know anything about finding vulnerabilities or writing exploits. What you just said is Hey d3wd, there's like a vulnerability in windows man, and h3h see if you can find it d00d!. Isn't that exactly the assumption that eeye proceeds under? The original statement to

Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-15 Thread Dkr. Armand Geddyn
Edward W. Ray wrote: If you are confident that no one else will discover those vulnerabilities the next time that MS waits to provide a solution, I wish you good luck These OSes have been around for years, running in hostile labs by evil geniuses, and the source code has been examined by

Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-15 Thread Nicob
On Thu, 2004-04-15 at 13:50, Geoincidents wrote: Clearly the motivation is there, the flaws are there, it's the skill set that is missing. The security world isn't composed of only talented and whitehat guys like (insert your preferred hacker) and worm writers. There are some people who have really

Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-15 Thread FlowerPower
Exibar wrote: You might have a point there with your box Curt ;-) But, Windows has a nice little utility that will patch your system for you Uh...sounds a bit like emerge sync emerge -u world. (Gentoo GNU/Linux) Or like apt-get update apt-get upgrade (Debian GNU/Linux) I was almost

[Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-14 Thread Edward W. Ray
I use Linux, OpenBSD and Windows in my enterprise. Linux and OpenBSD use the 1 patch for 1 vulnerability rule. Seems to me that MS is bunching their patches together in order to make it seem on the surface that Windows has less patches than other OSes, therefore it is more secure. CIOs, take

Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-14 Thread Roman Drahtmueller
I use Linux, OpenBSD and Windows in my enterprise. Linux and OpenBSD use the 1 patch for 1 vulnerability rule. Seems to me that MS is bunching their patches together in order to make it seem on the surface that Windows has less patches than other OSes, therefore it is more secure. CIOs,

Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-14 Thread Exibar
, but I DO feel better now :-) I'll get off my soapbox now Exibar - Original Message - From: Edward W. Ray [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 10:10 AM Subject: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011 I use

Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-14 Thread Tim
I use Linux, OpenBSD and Windows in my enterprise. Linux and OpenBSD use the 1 patch for 1 vulnerability rule. Seems to me that MS is bunching their patches together in order to make it seem on the surface that Windows has less patches than other OSes, therefore it is more secure. CIOs,

RE: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-14 Thread Edward W. Ray
Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roman Drahtmueller Sent: Wednesday, April 14, 2004 7:36 AM To: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011 I use Linux, OpenBSD and Windows in my

Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-14 Thread Exibar
. Ex - Original Message - From: Curt Purdy [EMAIL PROTECTED] To: 'Exibar' [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 1:20 PM Subject: Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011 Exibar wrote: Do

RE: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-14 Thread Burnes, James
Microsoft decided to patch them? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roman Drahtmueller Sent: Wednesday, April 14, 2004 7:36 AM To: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04

Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-14 Thread John Sage
On Wed, Apr 14, 2004 at 11:59:14AM -0400, Exibar wrote: From: Exibar [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011 Date: Wed, 14 Apr 2004 11:59:14 -0400 give me a freakin break

Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-14 Thread Seth Alan Woolley
On Wed, Apr 14, 2004 at 07:10:20AM -0700, Edward W. Ray wrote: I use Linux, OpenBSD and Windows in my enterprise. Linux and OpenBSD use the 1 patch for 1 vulnerability rule. Seems to me that MS is bunching their patches together in order to make it seem on the surface that Windows has

RE: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-14 Thread David T Hollis
On Wed, 2004-04-14 at 08:40 -0700, Edward W. Ray wrote: I would not mind the bunching, except that many of the vulnerabilities were discovered more than 4-6 months ago. The other OSes release patches much more quickly. What if someone other than Eeye with an axe to grind discovered these

Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-14 Thread madsaxon
At 11:59 AM 4/14/2004 -0400, Exibar wrote: Microsoft bashing because they're in Redmond, WA and you feel they should be in Texas somewhere? NO! Washington is just fine. We have enough pollution problems down here in Texas already, thank you. m5x

Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-14 Thread Exibar
: Wednesday, April 14, 2004 4:11 PM Subject: Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011 At 11:59 AM 4/14/2004 -0400, Exibar wrote: Microsoft bashing because they're in Redmond, WA and you feel they should be in Texas somewhere? NO! Washington

Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-14 Thread Paul Schmehl
--On Wednesday, April 14, 2004 11:13:02 AM -0700 John Sage [EMAIL PROTECTED] wrote: Well, which is it? 3, 21, 20, over 30, at least 20? That's easy. All of the above. :-) So what does this say about accuracy in journalism? Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer

Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-14 Thread Geoincidents
Exactly the point of full disclosure. If someone with a serious axe to grind would have stumbled onto the ASN.1 flaw before the Eeye notice, it could have been an ELE* for MS and some major corporations. Let's see, unpatched ASN.1 + Flash Worm = ? I think you seriously underestimate the

Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-14 Thread Dave Horsfall
On Wed, 14 Apr 2004, Exibar wrote: But, Windows has a nice little utility that will patch your system for you and pop up a nice little box near the clock that says system patched too... Windows Update works quite well actually. Now if it was only turned full on by default. And installing

Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-14 Thread Dave Aitel
Geoincidents wrote: | Exactly the point of full disclosure. If someone with a serious | axe to | | grind would have stumbled onto the ASN.1 flaw before the Eeye | notice, it could have been an ELE* for MS and some major | corporations. | | Let's see,

Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-14 Thread Rick Updegrove
Exibar wrote: You might have a point there with your box Curt ;-) But, Windows has a nice little utility that will patch your system for you and pop up a nice little box near the clock that says system patched too... Windows Update works quite well actually. Now if it was only turned full on

Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-14 Thread Benjamin Meade
Dave Aitel wrote: | Exactly the point of full disclosure. If someone with a serious | axe to | | grind would have stumbled onto the ASN.1 flaw before the Eeye | notice, it could have been an ELE* for MS and some major | corporations. | | Let's see, unpatched ASN.1 + Flash Worm = ? | | | I think

Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-14 Thread Geoincidents
That's retarded. Immunity is releasing a universal, repeatable, lsass exploit in about 5 minutes to our CANVAS customers, for example, and we're sure everyone else is done as well. For bonus credit we're including a working ASN.1 exploit that owns IIS, Exchange, and everything else... If

Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-14 Thread Byron Copeland
On Wed, 2004-04-14 at 21:38, Rick Updegrove wrote: Exibar wrote: On 2 recent occasions that I can recall a windows update broke windows. Once it disabled the NIC altogether and on another occasion it caused IE to run slower than a one legged cat, trying to bury a turd, on a frozen pond.

RE: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-14 Thread Edward W. Ray
] Subject: Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011 give me a freakin break people you guys complain when Microsoft doesn't patch something, and now you're complaining when Microsoft patches something I think that a lot of people just like to bash