lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <009901c3935e$1bf7f630$550ffea9@rms>
Date: Wed, 15 Oct 2003 16:51:29 -0400
From: "Richard M. Smith" <rms@...puterbytesman.com>
To: "'Giovanni Campagnoli'" <bioia@...oo.com>,
	<bugtraq@...urityfocus.com>
Subject: Microsoft got it wrong


Only last month in USA Today, Microsoft was claiming that Windows Messenger
didn't represent a security hazard:

   Pop-ups assail through Windows
   http://www.usatoday.com/tech/news/2003-09-24-popups_x.htm

   Microsoft views pop-up boxes as a benign nuisance 
   that does "not pose a security risk," says Greg Sullivan, 
   product manager for Windows. 

Looks like Microsoft crystal ball is pretty fuzzy.  Windows Messsenger is
just the sort of seldom-used feature that should be turned off by default in
Windows XP.

Richard M. Smith
http://www.ComputerBytesMan.com

-----Original Message-----
From: Giovanni Campagnoli [mailto:bioia@...oo.com] 
Sent: Wednesday, October 15, 2003 3:10 PM
To: bugtraq@...urityfocus.com
Subject: Microsoft Windows Security Bulletin Summary October

Microsoft Security Bulletin MS03-043 - Buffer Overrun
in Messenger Service Could Allow Code Execution
(828035)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ