funsec mailing list archives

Re: MSIE 6/7/8 unpatched vulnerability confirmed


From: "Larry Seltzer" <larry () larryseltzer com>
Date: Wed, 20 Jan 2010 17:43:55 -0500

Let's assume that Mikko got his bad information from iDefense. That puts all the confusion on them. I guess it's not a 
big matter and you'll find, with any really big story, the early reports on it are confused. I remember when the first 
Gulf War broke out for the first day or so there were all sorts of wacky stories of what happened.

I heard fairly early on that there were many different attack programs used and Paul is certain that some of them were 
malicious PDFs. As I wrote at the time, it was really easy to believe that malicious PDFs were used because they're so 
cutting edge in these things, are excellent vehicles for targeted attacks, and this was a classic targeted attack. 

So when McAfee says "... contrary to some reports our findings to date have not shown a vulnerability in Adobe Reader 
being a factor in these attacks" (http://siblog.mcafee.com/cto/operation-%E2%80%9Caurora%E2%80%9D-hit-google-others/) 
are they unaware of the PDF attacks? Or are they just trying to sound smarter than everyone else?

As I've said in another thread, you can't trust these security vendors anyway. They're all just in it for the money.

Larry Seltzer
Contributing Editor, PC Magazine
larry_seltzer () ziffdavis com 
http://blogs.pcmag.com/securitywatch/


-----Original Message-----
From: Paul Ferguson [mailto:fergdawgster () gmail com] 
Sent: Wednesday, January 20, 2010 5:28 PM
To: Juha-Matti Laurio
Cc: Larry Seltzer; funsec () linuxbox org
Subject: Re: [funsec] MSIE 6/7/8 unpatched vulnerability confirmed


On Wed, Jan 20, 2010 at 2:20 PM, Juha-Matti Laurio
<juha-matti.laurio () netti fi> wrote:

F-Secure's Hyppönen said they were wrong:
"Updated to add: We were wrong, the attack was done with an IE 0-day
attack instead."

http://www.f-secure.com/weblog/archives/00001854.html

And
http://blogs.adobe.com/conversations/2010/01/idefense_putting_speculations.html

http://blogs.verisign.com/idefense/

Juha-Matti


I've got to agree with Joe Stewart here:

"Stewart also said that he believes some of the companies compromised in
this set of attacks may have been hit with exploits other than the Internet
Explorer zero day that Microsoft is planning to fix with an emergency patch
on Thursday."

http://threatpost.com/en_us/blogs/aurora-attack-malware-components-may-be-four-years-old-012010

While it may be true that Google, Adobe, et al., may have been exploited by
the IE 0-Day, it is clearly evident to me that other organizations were
targeted with malicious PDFs.

$.02,

- - ferg


-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/
