funsec mailing list archives
Re: Ilfak's WMF patch
From: Pierre Vandevenne <pierre () datarescue com>
Date: Sun, 1 Jan 2006 22:47:57 +0100
Good Day, I am a bit biased here... but GE> So, anyone looked into it? Quite a few people I'd say. http://isc.sans.org/diary.php?rss&storyid=996 GE> Problems on any Windows version? Anything stops to work? Haven't seen/heard anything. Of course, this is an evolving story. GE> What exactly does it do? The source code is available and Steve Gibson provides a good summary of what it does http://www.grc.com/groups/securitynow:423 GE> I tend to trust it more than MS's patch when it finally shows up.. Well, it is not a pissing contest. I'll install MS patch when it is available and forget about Ilfak's then. What Ilfak did is exceptionally cool. I believeit is as close as can be to rock solid protection, it is unobstrusive, simple to install/uninstall without side effects. Still, MS should know about all the eventual special cases and caveats and when they'll release a fix, that will be the one to keep. The WMF vulnerability could have mind boggling consequences. This is probably the worst problem, in terms of potential fallout, I have ever seen. I expressed my frustration to Ilfak Friday evening, before going home to see my kids a bit: I felt it wasn't right to be a sitting duck, just waiting to be exploited. Ilfak told me he thought he could solve the issue. Well, I am not disappointed. It's not the first time he pulls amazing tricks in front of me though. I am quite proud to be working with him, I guess I am not too objective though ;-) -- Best regards, Pierre mailto:pierre () datarescue com _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Ilfak's WMF patch Gadi Evron (Jan 01)
- RE: Ilfak's WMF patch Peter Kruse (Jan 01)
- RE: Ilfak's WMF patch Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jan 02)
- Re: Ilfak's WMF patch Pierre Vandevenne (Jan 01)
- RE: Ilfak's WMF patch Larry Seltzer (Jan 01)
- Re: Ilfak's WMF patch Matthew Murphy (Jan 01)
- Re: Ilfak's WMF patch Valdis . Kletnieks (Jan 01)
- Re: Ilfak's WMF patch Matthew Murphy (Jan 01)
- Re[2]: Ilfak's WMF patch Ilfak Guilfanov (Jan 01)
- Re: Ilfak's WMF patch Matthew Murphy (Jan 01)
- RE: Re[2]: Ilfak's WMF patch Larry Seltzer (Jan 02)
- Re[4]: Ilfak's WMF patch Ilfak Guilfanov (Jan 02)
- RE: Re[4]: Ilfak's WMF patch Richard M. Smith (Jan 02)
- Re[6]: Ilfak's WMF patch Ilfak Guilfanov (Jan 02)
- RE: Ilfak's WMF patch Larry Seltzer (Jan 01)
- RE: Ilfak's WMF patch Peter Kruse (Jan 01)