Dailydave
mailing list archives
RE: Microsoft letdown day
From: "Aleksander P. Czarnowski" <alekc () avet com pl>
Date: Wed, 12 Jan 2005 17:35:16 +0100
We're living in a strange world. Since the DJB students' advisory I am scared
of running nasm - good thing I am using masm32 on a Windows system - DJB
and his students can't get me remotely any time soon ;-) However, one
remote thing happened - a lot more people now know about DJB's security
mailing list. He's an advertising genius.
Now I wonder how this bug will influence the OpenBSD "Only one remote hole
in the default install, in more than 8 years!" slogan:
010: RELIABILITY FIX: January 10, 2005
A bug in the tcp(4) stack allows an invalid argument to be used in
calculating the TCP retransmit timeout. By sending packets with specific
values in the TCP timestamp option, an attacker can cause a system
panic.
After all, you can have a remote vulnerability even after you disable
(almost) every service (knowing how buggy those services plus the kernel
are).
Just my 2 cents,
Cheers,
Alex Czarnowski
AVET INS
-----Original Message-----
From: Dave Aitel [mailto:dave () immunitysec com]
Sent: 12 January 2005 17:01
To: dailydave
Subject: [Dailydave] Microsoft letdown day
I'm both happy and sad when there are no good Microsoft bugs. On one
hand it's good that none of your bugs got blown (phew!), and on the
other hand you don't have anything fun to do that day. "Remote" bugs in
IE just don't have that spark since five of them come out a week.
One thing I've noticed is that it's now endemic that everyone agrees
with DJB that client-side bugs like the ANI overflow are "remote bugs".
This is crazy! I wonder if it's skewing any new "research" on "windows
of vulnerability" or "The security of Linux versus Microsoft Windows".
There are three simple classifications:
Local
Remote
Client-Side
An IE bug is not a remote bug. It's a client-side bug. I like how they
claim there's "remote code execution." Is it making a DCOM call to a
remote machine? :>
If the industry can't even get this sort of thing right, how do we
expect it to do something hard, like protect my Sidekick from getting
owned?
-dave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave