| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun Aug 21 19:48:58 2005 From: jerome.athias at free.fr (Jérôme ATHIAS) Subject: FrSIRT False Alarm "amazing" http://www.securityfocus.com/archive/1/359969/2004-04-06/2004-04-12/0 btw, another KillBit: http://isc.sans.org/msddskillbit.php Paul a ?crit : >> "Microsoft is concerned that this new report of a vulnerability in >> Internet >> Explorer was not disclosed responsibly, potentially putting computer >> users >> at risk. We continue to encourage responsible disclosure of >> vulnerabilities. >> We believe the commonly accepted practice of reporting vulnerabilities >> directly to a vendor serves everyone's best interests. This practice >> helps >> to ensure that customers receive comprehensive, high-quality updates for >> security vulnerabilities without exposure to malicious attackers >> while the >> update is being developed." > > > Believe it or not, I am in full agreement with this statement. > > Regards, > Paul > Greyhats Security > http://greyhatsecurity.org > > > ----- Original Message ----- From: <ad@...ss101.org> > To: <full-disclosure@...ts.grok.org.uk> > Sent: Saturday, August 20, 2005 6:13 AM > Subject: Re: [Full-disclosure] FrSIRT False Alarm > > >> >> MS said: >> >> "Microsoft is concerned that this new report of a vulnerability in >> Internet >> Explorer was not disclosed responsibly, potentially putting computer >> users >> at risk. We continue to encourage responsible disclosure of >> vulnerabilities. >> We believe the commonly accepted practice of reporting vulnerabilities >> directly to a vendor serves everyone's best interests. This practice >> helps >> to ensure that customers receive comprehensive, high-quality updates for >> security vulnerabilities without exposure to malicious attackers >> while the >> update is being developed." >> >> http://www.microsoft.com/technet/security/advisory/906267.mspx >> >> chaotic :> >> >>>> do you have a test page? >>> >>> No. We used the public exploit to generate a specially crafted page. >>> >>> >>> Best regards, >>> FrSIRT / French Security Incident Response Team 24/7 >>> http://www.frsirt.com >>> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) >>> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org >>> >>> >>> iD8DBQFDBew5OjxwThxio44RAoWgAJ9k5+qAasePjIG8OaOe2AFjBKsvjQCfVFuD >>> I0Yc2oleSNh/jqc8lKRxQp8= >>> =CAvW >>> -----END PGP SIGNATURE----- >> >> >> **************************************************************** >> KEY: 0xA7C69C5F >> PRINT: 694C 3495 BCC4 2F8B D794 6BD4 AF8B 457B A7C6 9C5F >> **************************************************************** >> >> >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > >
Powered by blists - more mailing lists