lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: dave at immunitysec.com (Dave Aitel)
Subject: The new Microsoft math:  1 patch for 14 vulnerabilities,
 MS04-011

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Geoincidents wrote:

|> Exactly the point of full disclosure.  If someone with a serious
|> axe to
|
| grind would have stumbled onto the ASN.1 flaw before the Eeye
| notice, it could have been an ELE* for MS and some major
| corporations.
|
|> Let's see, unpatched ASN.1 + Flash Worm = ?
|
|
| I think you seriously underestimate the hacking skills of eeye,
| there are very few who could turn the bugs they find into full blow
|  root level exploits.
|
| Geo.

That's retarded. Immunity is releasing a universal, repeatable, lsass
exploit in about 5 minutes to our CANVAS customers, for example, and
we're sure everyone else is done as well. For bonus credit we're
including a working ASN.1 exploit that owns IIS, Exchange, and
everything else...

Dave Aitel
Immunity, Inc.
http://www.immunitysec.com/CANVAS/ "Have your hacking skills
underestimated by random people on FD"



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAfdtzzOrqAtg8JS8RAsXlAKCdC74SQ15A7/enDE5WUuJU8kmzWACglUGR
LQ/bCax5wYlJEIw+3Oew370=
=HS6z
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists