lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20050414025813.GA19339@linux.unixwiz.net>
Date: Thu Apr 14 03:58:29 2005
From: steve at unixwiz.net (Steve Friedl)
Subject: Microsoft April Security Bulletin Webcast BS

On Wed, Apr 13, 2005 at 02:24:17PM -0400, Micheal Espinola Jr wrote:
> Wow... so, I'm listening to the webcast while doing my work today. I just 
> heard him (the male presenter) say (three times now) that because some of 
> the vulnerabilities have *not been publicly disclosed* that they are *not 
> publicly exploitable*.
> *OMFG*

No, that's not what he said.

After a couple of hours of dicking around with the lousy MS Events
website, I finally got to listen to the webcast to hear it for
myself. What he said was that they *have not been* publicly exploited,
which is to say: there aren't any known public exploits in the wild.

Christopher's words match the titling on the slides:

	Publicly Disclosed: No
	Publicly Exploited: No

I suppose there's an implied "yet" after all of these.

Those who care to verify this more carefully than the original poster
can do so for themselves can do so from the Microsoft website:

	http://go.microsoft.com/fwlink/?LinkId=43750

(if you care to wrestle with the registration system) and find
his very words at:

	MS05-016: slide 13, timestamp  6:50
	MS05-017: slide 15, timestamp  8:40
	MS05-018: slide 18, timestamp 11:10
	MS05-019: slide 20, timestamp 12:55 *1
	MS05-022: slide 32, timestamp 23:40

*1 = publicly disclosed, but not publicly exploited

Steve

--- 
Stephen J Friedl | Security Consultant |  UNIX Wizard  |   +1 714 544-6561
www.unixwiz.net  | Tustin, Calif. USA  | Microsoft MVP | steve@...xwiz.net

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ