Full Disclosure mailing list archives
RE: EEYE: Microsoft ASN.1 Library Bit String Heap Corruption
From: "Bill Royds" <full-disclosure () royds net>
Date: Wed, 11 Feb 2004 21:51:48 -0500
Actually Microsoft has always had a backdoor into your machine if you use Windows since you have a listener on the SMB ports, as well as UPnP (port 5000), so there is no extra risk there. And Eeye has had more ways to get a backdoor than this. If you expose any computer to the Internet, you need to assume it will be compromised at some point so don't store any information that you don't want to see public. -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Geo. Sent: February 11, 2004 10:00 AM To: full-disclosure () lists netsys com Subject: RE: [Full-disclosure] EEYE: Microsoft ASN.1 Library Bit String Heap Corruption
Sure am glad you put that notice in there, here I was getting all hot
and bothered that you were giving people a road map to the exploit. Here I was wondering why a security vendor would be increasing the risk model by releasing details which will save the "bad guys" weeks of research on the day of the patch release, giving the "good guys" even less time to regression test this patch in their environment and mitigate any harmful side effects.<< Why is that such a problem when you don't seem to care that both eeye and Microsoft have had full remote anonymous access to all your Windows systems for the past 5 months? Kinda handy if a vendor could just walk into your billing system to see how much you bill each month so they could figure out how much to charge you... Geo. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- EEYE: Microsoft ASN.1 Library Bit String Heap Corruption Marc Maiffret (Feb 10)
- Re: EEYE: Microsoft ASN.1 Library Bit String Heap Corruption Paul Tinsley (Feb 11)
- RE: EEYE: Microsoft ASN.1 Library Bit String Heap Corruption Geo. (Feb 11)
- Re: EEYE: Microsoft ASN.1 Library Bit String Heap Corruption Paul Tinsley (Feb 11)
- RE: EEYE: Microsoft ASN.1 Library Bit String Heap Corruption Geo. (Feb 11)
- RE: EEYE: Microsoft ASN.1 Library Bit String Heap Corruption Bill Royds (Feb 11)
- RE: EEYE: Microsoft ASN.1 Library Bit String Heap Corruption Geo. (Feb 11)
- Re: EEYE: Microsoft ASN.1 Library Bit String Heap Corruption Paul Tinsley (Feb 11)
- <Possible follow-ups>
- Re: EEYE: Microsoft ASN.1 Library Bit String Heap Corruption macmanus (Feb 11)
- Re: EEYE: Microsoft ASN.1 Library Bit String Heap Corruption bart2k (Feb 11)
- RE: EEYE: Microsoft ASN.1 Library Bit String Heap Corruption nick danger (Feb 11)