The full measure of devotion

[Dave Aitel <dave () immunitysec com>]

If you've sent a message to DD in the past few days, please resend it.
Someone did an emerge world, which overwrote postfix's configuration and
it took a few days to get fixed.

As for tomarrow's Microsoft Excitement - I sure hope it includes a fix
for javapxy.dll, since it turns out my laptop is vulnerable, and SP2
doesn't protect you. . .

I know Microsoft is trying to spin Firefox's security as being on the same level as IE's, but the bugs people find in 
Mozilla's engine are always super complex. The bugs in IE tend to be things like "If you use the API twice, the heap 
gets corrupted and calls a function pointer you get to supply." Likewise, bugs in Firefox get put on Slashdot and 
rigorously analyzed. Bugs in IE are labled Denial of Service bugs until someone posts a sploit. 

http://www.microsoft.com/technet/security/advisory/903144.mspx currently says 
"A COM Object (Javaprxy.dll) Could Cause Internet Explorer to Unexpectedly Exit". This is pretty much clearly not true 
after 5 minutes of looking at it. 


The difference between the two security teams here is the full measure of devotion.


-dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave