[<prev] [next>] [day] [month] [year] [list]
Message-ID: <920846FA-644E-11D9-8DA6-000D93C0F38C@teknovis.com>
Date: Tue, 11 Jan 2005 20:01:00 -0800
From: Andrew Farmer <andfarm@...novis.com>
To: "Team Pwnge" <team_pwn4ge@...gun.com>
Cc: vulnwatch@...nwatch.org, bugtraq@...urityfocus.com,
full-disclosure@...ts.netsys.com
Subject: Re: MORE CRITICAL FLAWS IN MS WINDOWS EXPLORER
On 11 Jan 2005, at 14:52, Team Pwnge wrote:
^^^^^
Nice start: you can't even spell your own name correctly.
<snip... blah, blah, blah>
> Description
> ===========
>
> Shogun Suzuki discovered that a remote user can connect to any
> machine via numerous exploits and use Windows Explorer to view files,
> rename files, delete files, change permissions on files stored on a
> remote machine that has been pwned.
Pray tell. An important element of disclosure is to actually disclose
something. This, however, depends on there actually being something
worth disclosing.
> Impact
> ======
>
> A remote attacker could install something similar to PCAnywhere
> after exploiting Windows and use Windows' Explorer to view, copy
> and or open any file on a victims machine.
... or, "after exploiting Windows", an attacker could just "view,
copy, and or open any file on a victims[sic] machine" without
Explorer's help.
> Concerns?
> =========
>
> Security is a primary focus of TEAM PWN4GE ...
Er... right.
> ... and ensuring the
> progress of secure Windows machines be our dreams.
And grammar be you lacking.
Oh, wait. You probably haven't gotten to that in school yet. Never
mind.
> ... As security
> concerns should be addressed to respective vendors, ...
Reasonable enough, I suppose...
> ... we feel the urge to bypass standards ...
Um... yeah. "We think that $X is good, so we aren't going to do it."
> ... and bring our common dreams of a secure homeland to the Interweb.
*SPLUTTER*
Download attachment "PGP.sig" of type "application/pgp-signature" (187 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists