Dailydave mailing list archives
Re: Hmph
From: "Tucker Dummychuck" <dummychuck () gmail com>
Date: Tue, 17 Apr 2007 22:21:33 -0700
I'm not sure I see why we need a 3rd-party patch so urgently. The mitigation described by MS works and is fairly painless, so presumably you'd start with that if you are running DNS, and then wait for the patch from MS? I agree that it was only a matter of time before hackers identified the flaw - either using the info on the ISC diary page or from MS's advisory. Perhaps saying that it was a stack BO made it a *little* easier to find, but that would be the obvious thing to start looking for in the first place. Tucker. On 4/16/07, Dave Aitel <dave () immunityinc com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm off to class - today is niprint day! But I did have a comment on Ryan Naraine's latest article[1], which is this: Hackers don't need hints from Microsoft's advisories. Anyways, all those people with spare time need to step up with their third party patches! Time is of the essence people! Eventually these patches will be put out by the hacker groups themselves, to keep the milw0rm crowd from re-owning their boxes. - -dave [1] http://blogs.zdnet.com/security/?p=167 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGJGPetehAhL0gheoRAt73AJ9SKXbtxwBRPtpXMUu+u9KxqrgIwACeNwyd c9s7HYOfdDXQjHgprm5dFPw= =SwE/ -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Hmph Dave Aitel (Apr 16)
- Re: Hmph Tucker Dummychuck (Apr 17)