Bugtraq mailing list archives
RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission
From: "ACROS Security Lists" <lists () acros si>
Date: Thu, 15 Sep 2011 21:54:00 +0200
Hi Thor, Thank you very much for sharing your point of view. If Microsoft thought the same though, they probably wouldn't be fixing these bugs. I suppose they don't "understand what security really is" the same way we don't. ;-) Regards, Mitja
-----Original Message----- From: Thor (Hammer of God) [mailto:thor () hammerofgod com] Sent: Thursday, September 15, 2011 6:11 PM To: security () acrossecurity com; bugtraq () securityfocus com; full-disclosure () lists grok org uk; cert () cert org; si-cert () arnes si Subject: RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission From your blog: "While we know there's still a lot of cleaning up to do in their binary planting closet, our research-oriented minds remain challenged to find new ways of exploiting these critical bugs and bypassing new and old countermeasures. In the end, it was our research that got the ball rolling and it would be a missed opportunity for everyone's security if we didn't leverage the current momentum and keep researching. " I would change that around a bit. I would say "our self-serving and marketing-oriented minds remain challenged to understand what security really is, but regardless, continue to find ways of trying to convince people this represents an actual security threat. In the end, it was our research that falsely created security concerns and confusion where time was better spent really doing just about anything else, but it would have been a missed opportunity to get our names in the media to sell our security services." t-----Original Message----- From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure- bounces () lists grok org uk] OnBehalf Of ACROSSecurity Lists Sent: Thursday, September 15, 2011 3:05 AM To: bugtraq () securityfocus com; full-disclosure () lists grok org uk; cert () cert org; si-cert () arnes si Subject: [Full-disclosure] Microsoft's Binary PlantingClean-Up MissionOur new blog post describes some recent changes Microsoftintroduced tofight against binary planting exploits. The most recentchange was theremoval of a vulnerable COM server on Windows XP which weused in ourproof of concept at Hack In The Box Amsterdam in May. Read the post to find out what else is hiding in the "COMserver binaryplanting" closet and what to do to get our PoC back to life. http://blog.acrossecurity.com/2011/09/microsofts-binary-planting-clean-up.html or http://bit.ly/qWyKph Enjoy the reading! Mitja Kolsek CEO&CTO ACROS, d.o.o. Makedonska ulica 113 SI - 2000 Maribor, Slovenia tel: +386 2 3000 280 fax: +386 2 3000 282 web: http://www.acrossecurity.com blg: http://blog.acrossecurity.com ACROS Security: Finding Your Digital Vulnerabilities Before Others Do _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Microsoft's Binary Planting Clean-Up Mission ACROS Security Lists (Sep 15)
- RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission Thor (Hammer of God) (Sep 16)
- RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission ACROS Security Lists (Sep 16)
- Message not available
- RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission ACROS Security Lists (Sep 16)
- RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission Thor (Hammer of God) (Sep 16)
- RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission ACROS Security Lists (Sep 16)
- Message not available
- RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission ACROS Security Lists (Sep 16)
- Message not available
- Message not available
- Re: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission Jeffrey Walton (Sep 16)
- RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission ACROS Security Lists (Sep 16)
- RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission Thor (Hammer of God) (Sep 16)