funsec mailing list archives
today's assortment of internet press about the .ANI thing
From: Paul Vixie <paul () vix com>
Date: Thu, 05 Apr 2007 17:39:03 +0000
http://news.bbc.co.uk/2/hi/technology/6526851.stm "Cursor hackers target WoW players" World of Warcraft players are being targeted by hackers exploiting flaws in how Windows handles animated cursors. ... http://www.computerworld.com.au/index.php/id;838771320;fp;16;fpid;0 "Hackers offer subscription, support for their malware" Like many just-launched e-commerce sites in the world, this unnamed Web site has a fairly functional, if somewhat rudimentary, home page. A list of options at top of the home page allows visitors to transact business in Russian or in English, offers an FAQ section, spells out the terms and conditions for software use and provides details on payment forms that are supported. ... http://blogs.technet.com/msrc/archive/2007/04/03/an-inside-look-into-building-and-releasing-ms07-017.aspx "An inside look into building and releasing MS07-017" Hey Folks -- this is Mike Reavey. We're all glad that MS07-017 -- the Security Bulletin that fixes the vulnerability in Animated Cursor Handling (CVE-2007-1215) -- has been released, helping to block attacks on that vulnerability. While we released it within 5 days of being notified of attacks, we have received questions from customers about why it took us 3 months to develop and release the fix for this vulnerability. I wanted to provide some insight into the history of this vulnerability, and while doing so, hopefully provide insight into the overall security update lifecycle, including testing, which consumes the greatest amount of time. ... http://www.betanews.com/article/Microsoft_Ignore_Third_Party_Vista_Service_Packs/1175715717 "Microsoft: Ignore Third Party Vista "Service Packs"" For years, tech enthusiasts have been compiling hotfixes into unofficial service packs for Windows, offering brave users a quick way to update their operating systems before Microsoft finishes its own. But for Vista, Microsoft is warning users not to trust these third-party roll-ups. ... _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- today's assortment of internet press about the .ANI thing Paul Vixie (Apr 05)