Full Disclosure mailing list archives
Re: FrSIRT False Alarm
From: Jérôme ATHIAS <jerome.athias () free fr>
Date: Sat, 20 Aug 2005 21:17:27 +0200
"amazing" http://www.securityfocus.com/archive/1/359969/2004-04-06/2004-04-12/0 btw, another KillBit: http://isc.sans.org/msddskillbit.php Paul a écrit :
"Microsoft is concerned that this new report of a vulnerability in Internet Explorer was not disclosed responsibly, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities.We believe the commonly accepted practice of reporting vulnerabilitiesdirectly to a vendor serves everyone's best interests. This practice helpsto ensure that customers receive comprehensive, high-quality updates forsecurity vulnerabilities without exposure to malicious attackers while theupdate is being developed."Believe it or not, I am in full agreement with this statement. Regards, Paul Greyhats Security http://greyhatsecurity.org ----- Original Message ----- From: <ad () class101 org> To: <full-disclosure () lists grok org uk> Sent: Saturday, August 20, 2005 6:13 AM Subject: Re: [Full-disclosure] FrSIRT False AlarmMS said:"Microsoft is concerned that this new report of a vulnerability in Internet Explorer was not disclosed responsibly, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities.We believe the commonly accepted practice of reporting vulnerabilitiesdirectly to a vendor serves everyone's best interests. This practice helpsto ensure that customers receive comprehensive, high-quality updates forsecurity vulnerabilities without exposure to malicious attackers while theupdate is being developed." http://www.microsoft.com/technet/security/advisory/906267.mspx chaotic :>do you have a test page?No. We used the public exploit to generate a specially crafted page. Best regards, FrSIRT / French Security Incident Response Team 24/7 http://www.frsirt.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDBew5OjxwThxio44RAoWgAJ9k5+qAasePjIG8OaOe2AFjBKsvjQCfVFuD I0Yc2oleSNh/jqc8lKRxQp8= =CAvW-----END PGP SIGNATURE-----**************************************************************** KEY: 0xA7C69C5F PRINT: 694C 3495 BCC4 2F8B D794 6BD4 AF8B 457B A7C6 9C5F **************************************************************** _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: FrSIRT False Alarm, (continued)
- Re: FrSIRT False Alarm ad (Aug 20)
- Re: FrSIRT False Alarm Paul (Aug 20)
- Re: FrSIRT False Alarm ad (Aug 20)
- Re: FrSIRT False Alarm Thierry Zoller (Aug 20)
- Re: FrSIRT False Alarm Paul (Aug 20)
- Re: FrSIRT False Alarm Dave Korn (Aug 22)
- Re: Re: FrSIRT False Alarm Ill will (Aug 22)
- Re: FrSIRT False Alarm Ill will (Aug 24)
- RE: FrSIRT False Alarm Aviv Raff (Aug 25)
- Re: FrSIRT False Alarm ad (Aug 25)
- Re: FrSIRT False Alarm Paul (Aug 20)
- Re: FrSIRT False Alarm ad (Aug 20)
- Re: FrSIRT False Alarm Jérôme ATHIAS (Aug 21)