FW: What's wrong with this picture?

["Richard Spiers" <Dksaarth () unix za net>]

Just thought I'd highlight some things

""We have never had vulnerabilities exploited before the patch was known,"
he said. "

"Mr Aucsmith said he could only think of one instance when a vulnerability
was exploited before a patch was available."

Which one is it? And at any rate both are ridiculous.

""Almost all attacks against our software are against the legacy systems,"
he said."

Riiiight.....so everybody out there is out hax0ring win 95 boxes instead
dcoming or d0ssing win2k and XP. Isn't 95% of all the stuph we see on this
list referring to XP or 2k?

My 0.0002c
Richard Spiers
Dksaarth


-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of
Valdis.Kletnieks () vt edu
Sent: 26 February 2004 07:38 PM
To: bugtraq () securityfocus com; full-disclosure () lists netsys com
Subject: [Full-disclosure] What's wrong with this picture?

Somebody want to explain to this guy that there's a difference between
"publicly available" exploits and 0-day exploits circulating in the
underground?

http://news.bbc.co.uk/1/hi/technology/3485972.stm

Scary part is that he's a high honcho at Microsoft's security unit.

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.346 / Virus Database: 194 - Release Date: 2002/04/10
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.346 / Virus Database: 194 - Release Date: 2002/04/10
 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html