Penetration Testing mailing list archives
RE: New article on SecurityFocus
From: "Navroz Shariff" <nshariff () americanbible org>
Date: Fri, 6 Jan 2006 10:23:16 -0500
I definitely agree with Thor. Everyone had made the WMF exploit more vulnerable in theory than in practice. Maybe some IT staff are anxious for something big to come out...it adds excitement to life :-)

Don't worry...Rootkits such as the proof of concept 'Shadow Walker' will soon arrive and add some spice to IT life.

-Nav

-----Original Message-----
From: Thor (Hammer of God) [mailto:thor () hammerofgod com]
Sent: Thursday, January 05, 2006 5:00 PM
To: Erin Carroll; pen-test () securityfocus com
Cc: Larry Seltzer; focus-ms () securityfocus com
Subject: Re: New article on SecurityFocus

A few hundred million Windows XP machines lay vulnerable on the Web today, a week after a zero-day exploit was discovered. Meanwhile, new approaches and ideas from the academic world - that focus exclusively on children - may give us hope for the future after all. http://www.securityfocus.com/columnists/377

Sorry, but it's not going to happen. Yes, it is a serious vulnerability, but there will be no Armageddon here. Comparing this to the RPC vulnerability (which had worm potential) is specious.

Overall, I think community's coverage of wmf has been delivered with an ounce of perception, and a pound of obscurity. It's almost as if people *want* it to be worse than it is. I'm not surprised, of course.

But regardless, my call is that we'll see a little activity here and there, the patch will come out, most will install it (or have it installed automatically) and the whole issue will fade away. But that's all. We'll know for sure shortly, either way.

t

-----
"I may disapprove of what you say, but I will defend to the death your right to say it."