>
> http://news.bbc.co.uk/1/hi/technology/3485972.stm
>
>
>From the url above:
>"We have never had vulnerabilities exploited before the patch was
known," >he
>said."
>
Right.
Did nobody ask this fella why they issue patches at all then?
Without patches, his statement would look like this:
-Original Message-
>I thought about this fact as well, but it's typical semantics playing into
>PR bull. He said could only think of one instance of an exploit before a
>patch was available. However, note that he very carefully sidesteps the
>issue by first saying no exploits have existe
Somebody want to explain to this guy that there's a difference between
"publicly available" exploits and 0-day exploits circulating in the underground?
http://news.bbc.co.uk/1/hi/technology/3485972.stm
Scary part is that he's a high honcho at Microsoft's security unit.
pgp0.pgp
Description:
On Thu, Feb 26, 2004 at 12:37:31PM -0500, [EMAIL PROTECTED] wrote:
> Somebody want to explain to this guy that there's a difference between
> "publicly available" exploits and 0-day exploits circulating in the underground?
>
> http://news.bbc.co.uk/1/hi/technology/3485972.stm
>
>From the url abo
-
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] En nombre de
[EMAIL PROTECTED]
Enviado el: Jueves, 26 de Febrero de 2004 14:38
Para: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Asunto: [Full-Disclosure] What's wrong with this picture?
Somebody want to explain to this guy that there's a
this
list referring to XP or 2k?
My 0.0002c
Richard Spiers
Dksaarth
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: 26 February 2004 07:38 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [Full-Disclosure] What's wrong with t
On Thu, 26 Feb 2004 21:46:20 "Richard Spiers" <[EMAIL PROTECTED]> said:
> Just thought I'd highlight some things
>
> ""We have never had vulnerabilities exploited before the patch was
> known," he said. "
>
> "Mr Aucsmith said he could only think of one instance when a
> vulnerability was exploit
On Thu, 26 Feb 2004 16:49:24 -0300, you said:
> The fact that exploit code is made available after the patch is released,
> is probably because the researchers
> Made the vulnerability publicly available at same time as the patch was
> released, otherwise MS wouldnt give
> Credit to the researcher
-Original Message-
patch was available. However, note that he very carefully sidesteps the
issue by first saying no exploits have existed since "before the patch was
known." Not available.
Obviously the windows metafile exploit from this week must not count. I
guess all
Replugge wrote:
> The fact that exploit code is made available after the patch
> is released,
> is probably because the researchers
> Made the vulnerability publicly available at same time as the
> patch was
> released, otherwise MS wouldnt give
> Credit to the researchers for the vuln.
Not only
10 matches
Mail list logo