lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Wed May 10 12:12:42 2006
From: juha-matti.laurio at netti.fi (Juha-Matti Laurio)
Subject: MS06-019 - How long before this develops into
	a self propagating email worm

Two comments to threat meters:

1) ISS's AlertCon is at level 2/4 (Increased vigilance) now:
https://gtoc.iss.net/issEn/delivery/gtoc/index.jsp

listing "in response to the critical issue disclosed within Microsoft Security Bulletin MS06-019 ? part of Microsoft`s May release."

2) McAfee's Global Threat Condition is at level 3/4 (Severe) now:
http://www.mcafee.com/us/threat_center/default.asp#legend-learnmore

listing "a raised risk of exploitation on Microsoft Windows and Microsoft Exchange hosts."

- Juha-Matti

> 
> All,
> 
> I have read the Microsoft advisory and the alarm bells started to
> whistle ;)
> 
> As fas a I can read this open the door to fully self propagating
> email worms with whatever payload you desire.
> 
> Yet, sans.org, symantec and
> us-cert.gov still have their threat levels on 1.
> 
> What am I missing, surely
> this superseeds the IE7 0-day action (sorry couldn't resist).
> 
> Schanulleke

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ