| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <407DDB74.1030501@immunitysec.com> From: dave at immunitysec.com (Dave Aitel) Subject: The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Geoincidents wrote: |> Exactly the point of full disclosure. If someone with a serious |> axe to | | grind would have stumbled onto the ASN.1 flaw before the Eeye | notice, it could have been an ELE* for MS and some major | corporations. | |> Let's see, unpatched ASN.1 + Flash Worm = ? | | | I think you seriously underestimate the hacking skills of eeye, | there are very few who could turn the bugs they find into full blow | root level exploits. | | Geo. That's retarded. Immunity is releasing a universal, repeatable, lsass exploit in about 5 minutes to our CANVAS customers, for example, and we're sure everyone else is done as well. For bonus credit we're including a working ASN.1 exploit that owns IIS, Exchange, and everything else... Dave Aitel Immunity, Inc. http://www.immunitysec.com/CANVAS/ "Have your hacking skills underestimated by random people on FD" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAfdtzzOrqAtg8JS8RAsXlAKCdC74SQ15A7/enDE5WUuJU8kmzWACglUGR LQ/bCax5wYlJEIw+3Oew370= =HS6z -----END PGP SIGNATURE-----
Powered by blists - more mailing lists