nanog mailing list archives
RE: WMF patch
From: Fred Heutte <aoxomoxoa () sunlightdata com>
Date: Wed, 4 Jan 2006 13:36:53 -0800
More info. This seems pretty reasonable: http://castlecops.com/a6445-WMF_Exploit_FAQ.html Steve Gibson is also mirroring Guilfanov's bypass, and says Microsoft's cryptographically signed but unreleased patch is floating around the net now: http://www.grc.com/sn/notes-020.htm In my reading this is a serious vulnerability, but the self- inflating agitation in the "security community" has reached a highly annoying level. I'm in the FTDT (fix the damn thing) school; let's deal with it and get on with it. Every cycle spent moaning about the faults of Microsoft is a lost opportunity for something more productive. Back to /usr/lurk . . . regards, Fred -----------------
On Wed, 4 Jan 2006, Brance Amussen wrote:Howdy, Here is the link to the unofficial patches creators site. http://www.hexblog.com/ This is the one sans links to. Sans seems to be having a hard day.. No Dshield mailings today either.. Isc.sans.org is sporadic as well..According to isc.sans.org, hexblog.com was down due to bandwidth issues earlier. See the isc.sans.org homepage for details on alternate ways to get to it.
Current thread:
- WMF patch Eric Frazier (Jan 04)
- RE: WMF patch Brance Amussen (Jan 04)
- RE: WMF patch Steve Sobol (Jan 04)
- Message not available
- Re: WMF patch Eric Frazier (Jan 05)
- Re: WMF patch Robert Boyle (Jan 05)
- Re: WMF patch Eric Frazier (Jan 05)
- RE: WMF patch Brance Amussen (Jan 04)
- <Possible follow-ups>
- RE: WMF patch Fergie (Jan 04)
- RE: WMF patch Randy Bush (Jan 04)
- RE: WMF patch Sean Donelan (Jan 04)
- RE: WMF patch Fred Heutte (Jan 04)
- Re: WMF patch Valdis . Kletnieks (Jan 04)
- Re: WMF patch Stephane Bortzmeyer (Jan 05)
- Re: WMF patch Alexander Harrowell (Jan 05)
- MPLS Providers Andrew Staples (Jan 05)
- Re: WMF patch Valdis . Kletnieks (Jan 04)
- Re: WMF patch Martin Hannigan (Jan 04)