[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <430781C7.60206@free.fr>
Date: Sun Aug 21 19:48:58 2005
From: jerome.athias at free.fr (Jérôme ATHIAS)
Subject: FrSIRT False Alarm
"amazing"
http://www.securityfocus.com/archive/1/359969/2004-04-06/2004-04-12/0
btw, another KillBit:
http://isc.sans.org/msddskillbit.php
Paul a ?crit :
>> "Microsoft is concerned that this new report of a vulnerability in
>> Internet
>> Explorer was not disclosed responsibly, potentially putting computer
>> users
>> at risk. We continue to encourage responsible disclosure of
>> vulnerabilities.
>> We believe the commonly accepted practice of reporting vulnerabilities
>> directly to a vendor serves everyone's best interests. This practice
>> helps
>> to ensure that customers receive comprehensive, high-quality updates for
>> security vulnerabilities without exposure to malicious attackers
>> while the
>> update is being developed."
>
>
> Believe it or not, I am in full agreement with this statement.
>
> Regards,
> Paul
> Greyhats Security
> http://greyhatsecurity.org
>
>
> ----- Original Message ----- From: <ad@...ss101.org>
> To: <full-disclosure@...ts.grok.org.uk>
> Sent: Saturday, August 20, 2005 6:13 AM
> Subject: Re: [Full-disclosure] FrSIRT False Alarm
>
>
>>
>> MS said:
>>
>> "Microsoft is concerned that this new report of a vulnerability in
>> Internet
>> Explorer was not disclosed responsibly, potentially putting computer
>> users
>> at risk. We continue to encourage responsible disclosure of
>> vulnerabilities.
>> We believe the commonly accepted practice of reporting vulnerabilities
>> directly to a vendor serves everyone's best interests. This practice
>> helps
>> to ensure that customers receive comprehensive, high-quality updates for
>> security vulnerabilities without exposure to malicious attackers
>> while the
>> update is being developed."
>>
>> http://www.microsoft.com/technet/security/advisory/906267.mspx
>>
>> chaotic :>
>>
>>>> do you have a test page?
>>>
>>> No. We used the public exploit to generate a specially crafted page.
>>>
>>>
>>> Best regards,
>>> FrSIRT / French Security Incident Response Team 24/7
>>> http://www.frsirt.com
>>> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32)
>>> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>>>
>>>
>>> iD8DBQFDBew5OjxwThxio44RAoWgAJ9k5+qAasePjIG8OaOe2AFjBKsvjQCfVFuD
>>> I0Yc2oleSNh/jqc8lKRxQp8=
>>> =CAvW
>>> -----END PGP SIGNATURE-----
>>
>>
>> ****************************************************************
>> KEY: 0xA7C69C5F
>> PRINT: 694C 3495 BCC4 2F8B D794 6BD4 AF8B 457B A7C6 9C5F
>> ****************************************************************
>>
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
Powered by blists - more mailing lists