Dailydave mailing list archives
Ah, oo, uh, ie.
From: Dave Aitel <dave () immunityinc com>
Date: Thu, 30 Mar 2006 17:40:57 -0500
Having some fun reading the MSRC weblog. Who doesn't? I want to have an automated thing scrape it out of the web page and read it out to me with a sultry female British accent. That's not weird, right? I could hook it up to every security weblog out there and have a really amusing radio station.

Anyways, today you can read some funny things there, if you are in the right mindset. Or have them read to you. Whatever.

Mike Nash: Hey, we've, uh, decided to throw a major change to how IE works with regards to ActiveX in with a security patch this month. We have an EXTRA OPTIONAL patch you can use to disable the change in behavior.

I wonder if Mike's been talking to one of the DCOM designers. This sounds like something they'd think up.

DCOM Designer: "Yo, so the server can call RpcImpersonateClient(), but not if the client has called SetCloaking("Definitely Not"). But if the registry has the "Cloaking: Not such a good thing" dword set to 1 then it still can. Clear?"

ProgrammersProgrammersProgrammers: "Sure!"

Haha. That API cracks me up every time.

Anyways, I thought I'd point out a few of the funnier in-jokes.

Mike Nash:
"""
We've also been made aware of some third party solutions being made available for this vulnerability. Some of these solutions make modifications to Windows itself to bypass the attack vector of the vulnerability. Of course, while the IE team is working on an update to address the problem, we certainly recommend a defense in depth strategy that involves third party tools such as AntiVirus or IDS/IPS solutions. However we cannot recommend third party solutions that modify the way the product itself operates.
"""

What does an AntiVirus or IDS/IPS do again? Oh right, MODIFY THE WAY THE PRODUCT OPERATES. And not entirely effectively. In our Unethical Hacking class this week we'll be bypassing AntiVirus with the new IE 0day (for fun and profit). I don't think we'll bother with NIDS, because I don't think NIDS can handle gzip+chunk encoded web pages anyways.

The main funny thing MSRC said to me this week was that they've been tracking down web sites that have the exploit on them, and shutting them down with law enforcement. Who cares, when you can get hit by a targeted attack? Not every attack is just blindly smacking down random grandmothers, although if you read MSRC, the sultry female British accent would quickly convince you that was the case.

-dave