funsec mailing list archives
Re: MSIE 6/7/8 unpatched vulnerability confirmed
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Wed, 20 Jan 2010 17:43:55 -0500
Let's assume that Mikko got his bad information from iDefense. That puts all the confusion on them. I guess it's not a big matter and you'll find, with any really big story, the early reports on it are confused. I remember when the first Gulf War broke out for the first day or so there were all sorts of wacky stories of what happened. I heard fairly early on that there were many different attack programs used and Paul is certain that some of them were malicious PDFs. As I wrote at the time, it was really easy to believe that malicious PDFs were used because they're so cutting edge in these things, are excellent vehicles for targeted attacks, and this was a classic targeted attack. So when McAfee says "... contrary to some reports our findings to date have not shown a vulnerability in Adobe Reader being a factor in these attacks" (http://siblog.mcafee.com/cto/operation-%E2%80%9Caurora%E2%80%9D-hit-google-others/) are they unaware of the PDF attacks? Or are they just trying to sound smarter than everyone else? As I've said in another thread, you can't trust these security vendors anyway. They're all just in it for the money. Larry Seltzer Contributing Editor, PC Magazine larry_seltzer () ziffdavis com http://blogs.pcmag.com/securitywatch/ -----Original Message----- From: Paul Ferguson [mailto:fergdawgster () gmail com] Sent: Wednesday, January 20, 2010 5:28 PM To: Juha-Matti Laurio Cc: Larry Seltzer; funsec () linuxbox org Subject: Re: [funsec] MSIE 6/7/8 unpatched vulnerability confirmed -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, Jan 20, 2010 at 2:20 PM, Juha-Matti Laurio <juha-matti.laurio () netti fi> wrote:
F-Secure's Hyppönen said they were wrong: "Updated to add: We were wrong, the attack was done with an IE 0-day attack instead." http://www.f-secure.com/weblog/archives/00001854.html And http://blogs.adobe.com/conversations/2010/01/idefense_putting_speculation s.html http://blogs.verisign.com/idefense/ Juha-Matti
I've got to agree with Joe Stewart here: "Stewart also said that he believes some of the companies compromised in this set of attacks may have been hit with exploits other than the Internet Explorer zero day that Microsoft is planning to fix with an emergency patch on Thursday." http://threatpost.com/en_us/blogs/aurora-attack-malware-components-may-be-f our-years-old-012010 While it may be true that Google, Adobe, et al., may have been exploited by the IE 0-Day, it is clearly evident to me that other organizations were targeted with malicious PDFs. $.02, - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) wj8DBQFLV4NYq1pz9mNUZTMRAmWqAJ0XHLKjKMCaHLs0Guv4wNDfAuerCgCgydEs OKfH5VzKuz/a+MmSbUbGOVE= =majC -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- MSIE 6/7/8 unpatched vulnerability confirmed Juha-Matti Laurio (Jan 15)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Paul Ferguson (Jan 15)
- Chinese attacks Gadi Evron (Jan 15)
- <Possible follow-ups>
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Juha-Matti Laurio (Jan 15)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Larry Seltzer (Jan 15)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Juha-Matti Laurio (Jan 15)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Juha-Matti Laurio (Jan 20)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Juha-Matti Laurio (Jan 20)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Paul Ferguson (Jan 20)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Larry Seltzer (Jan 20)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Paul Ferguson (Jan 20)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Juha-Matti Laurio (Jan 21)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Paul Ferguson (Jan 15)