http://security.tombom.co.uk/moreshatter.html

[guninski () guninski com (Georgi Guninski)]

CC'ing secure () microsoft com to throw some light on this.
secure () microsoft com:
Are you taking this seriously? Really really seriously?
Or are some application writers irresponsibly writing insecure code which opens 
windows on windows - like in "net send 127.0.0.1 lol" ?

Georgi Guninski
http://www.guninski.com


Schmehl, Paul L wrote:
> Interesting.  I had a lengthy email argument with a MS rep about
> shatter.  He swore up and down that it wasn't a MS problem, but a bad
> applications programmer problem.  He finally grudgingly admitted that MS
> probably shouldn't make it so easy to be a bad applications programmer
> and said he would forward my concerns to MS Security.  Maybe now they'll
> actually take the issue seriously (yeah, right!)
>
> Paul Schmehl (pauls () utdallas edu)
> Department Coordinator
> The University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/~pauls/
>
>
>
> > -----Original Message-----
> > From: Georgi Guninski [mailto:guninski () guninski com] 
> > Sent: Tuesday, September 17, 2002 4:56 AM
> > To: full-disclosure () lists netsys com
> > Subject: [Full-disclosure] 
> > http://security.tombom.co.uk/moreshatter.html
> >
> >
> > http://security.tombom.co.uk/moreshatter.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html