lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3a166c090603280744h4a7fff6cg9549176a290b245a@mail.gmail.com>
Date: Tue Mar 28 16:44:39 2006
From: n3td3v at gmail.com (n3td3v)
Subject: Security Alert: Unofficial IE patches appear on
	internet

Security Alert:
Microsoft who wait for a "Patch Tuesday" to release software solutions for
critical bugs are creating a world of opportunity for hackers to take
advantage of the situation. Not only do unofficial patches allow script kids
to patch systems, but it allows for phishing of malcious fake patches
(phishing) to appear on web, which may comtain further evil code unrelated
to the initial flaw...


Round-up:
n3td3v group calls on Microsoft to scrap "Patch Tuesday" for critical flaws:
http://groups.google.com/group/n3td3v/browse_thread/thread/98e9cb7eeb8c7a69/81e22fcb72f047b3#81e22fcb72f047b3

n3td3v group warns industry not to release third party patches, as they only
aid the script kids and phishers, not the global network of MS Windows
system consumers, who will never see or hear the third party patches being
released by the third party patch developers (EEYE etc):
http://groups.google.com/group/n3td3v/browse_thread/thread/83607ba833b697b0/8f0be3bc9c2436c4


Lastly, we stress Microsoft again to solve the trend of third party patches
with all its side effects and security threats attached to it by releasing
patches before a "Patch Tuesday" for critical flaws.

Finally: We ask people not to download third party patches, because we've
heard from a contact within Microsoft that a patch for IE is coming this
Thursday.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060328/92277bad/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ