Re: Ilfak's WMF patch

[Pierre Vandevenne <pierre () datarescue com>]

Good Day,

I am a bit biased here... but

GE> So, anyone looked into it?

Quite a few people I'd say.

http://isc.sans.org/diary.php?rss&storyid=996

GE> Problems on any Windows version? Anything stops to work?

Haven't seen/heard anything. Of course, this is an evolving story.

GE> What exactly does it do?

The source code is available and Steve Gibson provides a good summary
of what it does

http://www.grc.com/groups/securitynow:423

GE> I tend to trust it more than MS's patch when it finally shows up..

Well, it is not a pissing contest. I'll install MS patch when it is
available and forget about Ilfak's then.

What Ilfak did is exceptionally cool. I believeit is as close as can
be to rock solid protection, it is unobstrusive, simple to
install/uninstall without side effects. Still, MS should know about
all the eventual special cases and caveats and when they'll release a
fix, that will be the one to keep. 

The WMF vulnerability could have mind boggling consequences. This is probably
the worst problem, in terms of potential fallout, I have ever seen. I
expressed my frustration to Ilfak Friday evening, before going home to
see my kids a bit: I felt it wasn't right to be a sitting duck, just
waiting to be exploited. Ilfak told me he thought he could solve the
issue. Well, I am not disappointed. It's not the first time he pulls
amazing tricks in front of me though. I am quite proud to be working
with him, I guess I am not too objective though ;-)

-- 
Best regards,
 Pierre                            mailto:pierre () datarescue com

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.