Open Source and information security mailing list archives
 
Message-ID: <400147DB.25603.397C73FA@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: 3 new MS patches next week... but none fix 0x01!

"Exibar" <exibar@...lair.com> wrote:

> What's going on over at Microsoft anyway?  They're releasing 3 new patches
> next week, but are planned to take care of the "0x01" vulnerability in IE.

                    ^
                    |
As it is now clear that you meant to include the word "none" in 
there...

>    I'm one of Microsoft's defenders, and I'm starting to get a little
> confused and upset at what they're doing.
> 
>   Heck if 3rd parties can write a fix for the darned thing, why the heck
> can't Microsoft????  What are they thinking over there?
> 
>  oh, I guess they are waiting for a large client to get scammed by a scam
> e-mail and then wait for that client to complain.  Money really does talk I
> guess.... it's a shame

OK -- is HSBC bank a large enough client of Microsoft's??

A few days ago (7 Jan) there was a huge spam run phishing for HSBC 
customer details.  That spam used a version of the URL spoofing trick 
based on a long string of percent-zero-one URL-encoded chars (you have 
to be careful with writing that literally now as several spam filters 
and some virus scanners' heuristics specifically look for those 
strings, literal 0x00, 0x01 and similar characters and various other 
forms of encoding of them that are valid in HTML, etc...).  Anyway, 
back to the HSBC spam -- I've seen a report of a single filter 
intercepting close to 150,000 of those messages and several other 
informal reports of "large numbers" of other spam employing these URL 
obscuring tricks (though the HSBC one is the only one using it I've 
noticed arriving in my personal Email).


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
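The message above notes that spam filters and scanner heuristics now match on the percent-encoded control characters and their HTML-entity equivalents in URLs. As an added illustration (not code from the thread or from any product it mentions), here is a small Python detector in that spirit: it decodes one layer of entity and percent encoding, flags any URL whose authority carries text before an '@' (which hides the real host) and control bytes inside that text, and separately flags the raw encoded forms. The sample messages, example.com and the documentation address 198.51.100.7 are constructed.

```python
import re
from urllib.parse import unquote

URL_RE = re.compile(r'https?://[^\s"\'<>]+', re.IGNORECASE)
CHARREF_RE = re.compile(r'&#([xX][0-9a-fA-F]+|[0-9]+);')
CONTROL_RE = re.compile(r'[\x00-\x1f\x7f]')
# Raw %00/%01 or HTML entity forms (&#1; &#01; &#x01;) of those bytes.
ENCODED_CTRL_RE = re.compile(r'%0[01]|&#[xX]?0*[01];')

def decode_charrefs(s: str) -> str:
    """Decode numeric character references but keep control characters
    (html.unescape drops them as invalid, which would hide the trick)."""
    def repl(m):
        ref = m.group(1)
        num = int(ref[1:], 16) if ref[0] in 'xX' else int(ref)
        return chr(num) if num <= 0x10FFFF else m.group(0)
    return CHARREF_RE.sub(repl, s)

def classify_url(url: str) -> list:
    """Reasons a URL looks like the userinfo/control-character host spoof."""
    reasons = []
    decoded = unquote(decode_charrefs(url))   # one layer of each encoding
    m = re.match(r'^[a-z][a-z0-9+.-]*://([^/?#]*)', decoded, re.IGNORECASE)
    if not m:
        return reasons
    authority = m.group(1)
    if '@' in authority:
        userinfo, real_host = authority.rsplit('@', 1)
        reasons.append(f"text before '@' hides the real host {real_host}")
        if CONTROL_RE.search(userinfo):
            reasons.append("control bytes (0x00-0x1f) inside userinfo")
    if ENCODED_CTRL_RE.search(url):
        reasons.append("percent- or entity-encoded 0x00/0x01 in raw URL")
    return reasons

def scan_message(body: str) -> dict:
    """Map every flagged URL in a message body to its reasons."""
    return {u: r for u in URL_RE.findall(body) if (r := classify_url(u))}

# Constructed sample messages (not from the thread); 198.51.100.7 is a
# documentation address standing in for the phisher's real server.
SAMPLES = {
    "percent": 'Verify at http://www.example.com%01%01%01@198.51.100.7/login now',
    "entity": '<a href="http://www.example.com&#1;@198.51.100.7/">Secure login</a>',
    "benign": 'See https://www.example.com/help and http://user:pw@198.51.100.7/',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, scan_message(body))
```

A plain basic-auth URL such as the one in the "benign" sample still trips the '@' signal alone, so treat that reason as a weak indicator and the control-byte and encoded-form reasons as the strong ones.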

