Bugtraq mailing list archives

RE: Six Step IE Remote Compromise Cache Attack


From: Benjamin Franz <snowhare () nihongo org>
Date: Wed, 5 Nov 2003 14:49:42 -0800 (PST)

On Wed, 5 Nov 2003, Thor Larholm wrote:

> This post raises an interesting question. Is our goal to find new
> vulnerabilities and attack vectors to help secure users and critical
> infrastructures, or is our goal to ease exploitation of existing
> vulnerabilities?
>
> There are no new vulnerabilities or techniques highlighted in this
> attack (which is what it is), just a combination of several already
> known vulnerabilities. This is not a proof-of-concept designed to
> highlight how a particular vulnerability works, but an exploit designed
> specifically to compromise your machine. All a malicious virus writer has
> to do is exchange the EXE file.
>
> Believe me, I am all in for full disclosure and detailing every aspect
> of a vulnerability to prevent future occurrences of similar threats, but
> I don't particularly think that we should actively be trying to help
> malicious persons.

I have mixed emotions about this. On one side - why put millions of
systems at risk to script kiddies? On the other side, as noted by the
poster, one of these vulnerabilities has been known for more than _TWO
YEARS_. Surely far more than enough time for MS to have actually _fixed_
the problem if they intended to. MS seems (at least in some cases) to
ignore security problems until someone publicly 'holds their feet to the
fire' over them. I suspect this happens when the problem 'runs deep' in
their code and will require more than fixing a boundary limit check and
recompiling.

-- 
Benjamin Franz

Gauss's law is always true, but it is not always useful.
    -- David J. Griffiths, "Introduction to Electrodynamics"
