funsec mailing list archives

Re: Is this a hoax?


From: "B.K. DeLong" <bkdelong () pobox com>
Date: Thu, 28 Jun 2007 16:26:50 -0400

I'm not sure but I read this earlier this morning:

http://infosecsellout.blogspot.com/2007/06/advisories-marketing-stupid-reporters.html

On 6/28/07, Blanchard_Michael () emc com <Blanchard_Michael () emc com> wrote:
Sure seems like a hoax or other baddie to me....  The "patch" comes from sofaware.com.....


http://www.darkreading.com/document.asp?doc_id=127731&WT.svl=news1_1
CSRF Bug Runs Rampant

JUNE 26, 2007 | It was only a matter of time before the cross-site request forgery (CSRF) floodgates would open: A security appliance firm has found the wily bug in products from eight security vendors, including Check Point Software's Safe@Office Unified Threat Management device, versions 7.0.39X and prior. (See Eight Vulnerabilities You May Have Missed, CSRF Vulnerability: A 'Sleeping Giant', and Killer Combo: XSS + CSRF.)

Check Point, which today issued a patch for the bug within its 7.0.45 release of the product, is the only vendor so far to officially respond to the CSRF discovery found by Calyptix Security, a tiny Charlotte, N.C.-based supplier of all-in-one security



--
B.K. DeLong (K3GRN)
bkdelong () pobox com
+1.617.797.8471

http://www.wkdelong.org                    Son.
http://www.ianetsec.com                    Work.
http://www.bostonredcross.org             Volunteer.
http://www.carolingia.eastkingdom.org   Service.
http://bkdelong.livejournal.com             Play.


PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE

FOAF:
http://foaf.brain-stream.org