funsec mailing list archives
Re: MSIE 6/7/8 unpatched vulnerability confirmed
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Thu, 21 Jan 2010 00:20:19 +0200 (EET)
F-Secure's Hyppönen said they were wrong: "Updated to add: We were wrong, the attack was done with an IE 0-day attack instead." http://www.f-secure.com/weblog/archives/00001854.html And http://blogs.adobe.com/conversations/2010/01/idefense_putting_speculations.html http://blogs.verisign.com/idefense/ Juha-Matti Larry Seltzer [larry () larryseltzer com] kirjoitti:
What I want to know about this incident is why some (F-Secure and especially iDefense) were claiming with confidence yesterday that a PDF with the most recent exploit was the main attack vector. Now Adobe and McAfee are saying there's no actual evidence a PDF was involved. I have a lot of links in here: http://blogs.pcmag.com/securitywatch/2010/01/new_ie_0-day_not_acrobat_named.php McAfee appears to be the original identifiers of the IE 0-day. iDefense, on the other hand, seems to have gotten their information at least partly from "sources in the defense contracting and intelligence consulting community": http://arstechnica.com/security/news/2010/01/researchers-identify-command-servers-behind-google-attack.ars Lots more links, especially McAfee links, here: http://extraexploit.blogspot.com/2010/01/iexplorer-0day-cve-2010-0249.html Larry Seltzer Contributing Editor, PC Magazine larry_seltzer () ziffdavis com http://blogs.pcmag.com/securitywatch/
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- MSIE 6/7/8 unpatched vulnerability confirmed Juha-Matti Laurio (Jan 15)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Paul Ferguson (Jan 15)
- Chinese attacks Gadi Evron (Jan 15)
- <Possible follow-ups>
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Juha-Matti Laurio (Jan 15)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Larry Seltzer (Jan 15)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Juha-Matti Laurio (Jan 15)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Juha-Matti Laurio (Jan 20)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Juha-Matti Laurio (Jan 20)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Paul Ferguson (Jan 20)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Larry Seltzer (Jan 20)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Paul Ferguson (Jan 20)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Juha-Matti Laurio (Jan 21)
- Re: MSIE 6/7/8 unpatched vulnerability confirmed Paul Ferguson (Jan 15)