Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Old code in Windows is security threat

From: InfoSec News <isn () c4i org>
Date: Wed, 12 Jun 2002 03:03:19 -0500 (CDT)
Forwarded from: Marc Maiffret <marc () eeye com>

Exactly. I mean people should be happy that Microsoft turns features
off by default. However, that should not be the scapegoat that is
going to be used in the future for security flaws.

"Well it is not that critical because .asp ISAPI is turned off by
default." heh

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

| -----Original Message-----
| From: owner-isn () attrition org [mailto:owner-isn () attrition org]On Behalf
| Of InfoSec News
| Sent: Tuesday, June 11, 2002 1:23 AM
| To: isn () attrition org
| Subject: RE: [ISN] Old code in Windows is security threat
|
|
| Forwarded from: Andrew Weaver <Andrew.Weaver () tecnomen fi>
|
| Hmmm... So their "quickfix" is to set the insecure off by default. OK, but
| what if I need the feature? Are they going to fix it or not?
|
| > -----Original Message-----
| > From:       InfoSec News [SMTP:isn () c4i org]
| > Sent:       Monday, June 10, 2002 1:13 PM
| > To: isn () attrition org
| > Subject:    [ISN] Old code in Windows is security threat
| >
| > http://news.com.com/2100-1001-934363.html?tag=fd_top
| >
| > By Robert Lemos
| > Staff Writer, CNET News.com
| > June 9, 2002, 11:00 PM PT
| >
| > Microsoft will more quickly retire old code in its Windows operating
| > system and other software as a result of the company's
| > four-month-old "trustworthy computing" initiative, the company's
| > lead bug basher said in an interview.
| >
| > The revelation follows last week's warning that a serious
| > vulnerability in Microsoft's Internet Explorer occurred in the
| > software supporting a decade-old protocol that has rarely been used
| > since the World Wide Web became popular.
| >
| > "A lot of the (coming) design changes are to remove this feature or
| > turn that one off by default," said Steve Lipner, director of
| > security assurance for Microsoft and the man on the ground for the
| > company's trustworthy computing initiative.
|
| [...]



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.
Previous By Date Next
Previous By Thread Next

Current thread: