Home page logo
/

nanog logo nanog mailing list archives

RE: WMF patch
From: Fred Heutte <aoxomoxoa () sunlightdata com>
Date: Wed, 4 Jan 2006 13:36:53 -0800


More info.  This seems pretty reasonable:

http://castlecops.com/a6445-WMF_Exploit_FAQ.html

Steve Gibson is also mirroring Guilfanov's bypass, and says
Microsoft's cryptographically signed but unreleased patch
is floating around the net now:

http://www.grc.com/sn/notes-020.htm

In my reading this is a serious vulnerability, but the self-
inflating agitation in the "security community" has reached
a highly annoying level.  I'm in the FTDT (fix the damn thing)
school; let's deal with it and get on with it.  Every cycle spent
moaning about the faults of Microsoft is a lost opportunity
for something more productive.

Back to /usr/lurk . . .

regards,

Fred

-----------------

On Wed, 4 Jan 2006, Brance Amussen wrote:


Howdy,
Here is the link to the unofficial patches creators site.
http://www.hexblog.com/ This is the one sans links to.
Sans seems to be having a hard day.. No Dshield mailings today either..
Isc.sans.org is sporadic as well..

According to isc.sans.org, hexblog.com was down due to bandwidth issues
earlier. See the isc.sans.org homepage for details on alternate ways to
get to it.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault