North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: WMF patch
More info. This seems pretty reasonable: http://castlecops.com/a6445-WMF_Exploit_FAQ.html Steve Gibson is also mirroring Guilfanov's bypass, and says Microsoft's cryptographically signed but unreleased patch is floating around the net now: http://www.grc.com/sn/notes-020.htm In my reading this is a serious vulnerability, but the self- inflating agitation in the "security community" has reached a highly annoying level. I'm in the FTDT (fix the damn thing) school; let's deal with it and get on with it. Every cycle spent moaning about the faults of Microsoft is a lost opportunity for something more productive. Back to /usr/lurk . . . regards, Fred ----------------- > >On Wed, 4 Jan 2006, Brance Amussen wrote: > >> >> Howdy, >> Here is the link to the unofficial patches creators site. >> http://www.hexblog.com/ This is the one sans links to. >> Sans seems to be having a hard day.. No Dshield mailings today either.. >> Isc.sans.org is sporadic as well.. > >According to isc.sans.org, hexblog.com was down due to bandwidth issues >earlier. See the isc.sans.org homepage for details on alternate ways to >get to it. >
|