lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <03d901c6105b$d3b1efc0$0d00005a@moregarlic.com>
Date: Tue, 3 Jan 2006 06:49:53 -0500
From: "Larry Seltzer" <larry@...ryseltzer.com>
To: "'FunSec [List]'" <funsec@...uxbox.org>,
	<full-disclosure@...ts.grok.org.uk>, <bugtraq@...urityfocus.com>
Subject: RE: [Full-disclosure] WMF round-up, updates and de-mystification


>>I have tested and confirmed that this patch only works in specific
scnenarios and does not mitigate the entire issue.  Variations still work.I
have tested and confirmed that this patch only works in specific scnenarios
and does not mitigate the entire issue.  Variations still work. 

Oh really? Do you have any more information on this or do you just like to
throw bricks? I have a hard time believing you're right, because it would
mean that there are variations of the attack that don't use its fundamental
mechanism.

All that said, it's clear to me that the rush to adopt this patch is
precipitous. For instance, it's largely unnecessary on Windows 9x, NT, and
2K, unless you rely on a specifically vulnerable app, like Notes.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
Contributing Editor, PC Magazine
larryseltzer@...fdavis.com 




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ