Message-ID: <8B32EDC90D8F4E4AB40918883281874D9B3D@pivxwin2k1.secnet.pivx.com>
Date: Mon, 8 Sep 2003 16:36:00 -0700
From: "Thor Larholm" <thor@...x.com>
To: <ADBecker@...ortgage.com>, "GreyMagic Software" <security@...ymagic.com>
Cc: "Bugtraq" <bugtraq@...urityfocus.com>, <full-disclosure@...ts.netsys.com>,
   <http-equiv@...ite.com>, "NTBugtraq" <NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM>,
   "Microsoft Security Response Center" <secure@...rosoft.com>,
   <vulnwatch@...nwatch.org>
Subject: RE: BAD NEWS: Microsoft Security Bulletin MS03-032


Updated antivirus will only catch specific instances of POC code, not
any actual real-life exploitation, which easily differs significantly in
footprint and signature.

It's been a constant nuisance the last few years that whenever you
release any kind of POC the AV vendors will label it as a virus and have
their customers feel safe whenever they try to demonstrate publicly
available POC code, while still doing nothing to hinder exploitation of
the actual vulnerability.

AV vendors should realize that their approach to security often will
lead to greater insecurity. I have no count of the number of people
writing me and telling me they would not install a potentially
system-damaging patch since my public POC didn't work anyway on their
system because of their superior AV product.

Out of sight, out of mind..


Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher



-----Original Message-----
From: ADBecker@...ortgage.com [mailto:ADBecker@...ortgage.com] 
Sent: Monday, September 08, 2003 12:17 PM
Subject: RE: BAD NEWS: Microsoft Security Bulletin MS03-032

Updated antivirus software should catch this exploit and prevent any
application from being launched. We have McAfee VirusScan 7 Ent. which
caught both exploit examples at http://greymagic.com/adv/gm001-ie/

Andrew Becker
C.H. Mortgage, D.R. Horton
Phoenix IT/MIS Department
Phone: (866) 639-7305
Fax: (480) 607-5383

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

