funsec mailing list archives
Re: MSIE 6/7/8 unpatched vulnerability confirmed
From: Paul Ferguson <fergdawgster () gmail com>
Date: Wed, 20 Jan 2010 14:27:43 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, Jan 20, 2010 at 2:20 PM, Juha-Matti Laurio <juha-matti.laurio () netti fi> wrote:
F-Secure's Hyppönen said they were wrong: "Updated to add: We were wrong, the attack was done with an IE 0-day attack instead." http://www.f-secure.com/weblog/archives/00001854.html And http://blogs.adobe.com/conversations/2010/01/idefense_putting_speculation s.html http://blogs.verisign.com/idefense/ Juha-Matti
I've got to agree with Joe Stewart here: "Stewart also said that he believes some of the companies compromised in this set of attacks may have been hit with exploits other than the Internet Explorer zero day that Microsoft is planning to fix with an emergency patch on Thursday." http://threatpost.com/en_us/blogs/aurora-attack-malware-components-may-be-f our-years-old-012010 While it may be true that Google, Adobe, et al., may have been exploited by the IE 0-Day, it is clearly evident to me that other organizations were targeted with malicious PDFs. $.02, - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) wj8DBQFLV4NYq1pz9mNUZTMRAmWqAJ0XHLKjKMCaHLs0Guv4wNDfAuerCgCgydEs OKfH5VzKuz/a+MmSbUbGOVE= =majC -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- MSIE 6/7/8 unpatched vulnerability confirmed Juha-Matti Laurio (Jan 15)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Paul Ferguson (Jan 15)
- Chinese attacks Gadi Evron (Jan 15)
- <Possible follow-ups>
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Juha-Matti Laurio (Jan 15)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Larry Seltzer (Jan 15)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Juha-Matti Laurio (Jan 15)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Juha-Matti Laurio (Jan 20)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Juha-Matti Laurio (Jan 20)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Paul Ferguson (Jan 20)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Larry Seltzer (Jan 20)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Paul Ferguson (Jan 20)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Juha-Matti Laurio (Jan 21)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Paul Ferguson (Jan 15)