[Dailydave] Hmph
Tucker Dummychuck
dummychuck at gmail.com
Wed Apr 18 01:21:33 EDT 2007
I'm not sure I see why we need a 3rd-party patch so urgently. The mitigation
described by MS works and is fairly painless, so presumably you'd start with
that if you are running DNS, and then wait for the patch from MS?
I agree that it was only a matter of time before hackers identified the flaw
- either using the info on the ISC diary page or from MS's advisory. Perhaps
saying that it was a stack BO made it a *little* easier to find, but that
would be the obvious thing to start looking for in the first place.
Tucker.
On 4/16/07, Dave Aitel <dave at immunityinc.com> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I'm off to class - today is niprint day! But I did have a comment on
> Ryan Naraine's latest article[1], which is this: Hackers don't need
> hints from Microsoft's advisories.
>
> Anyways, all those people with spare time need to step up with their
> third party patches! Time is of the essence people! Eventually these
> patches will be put out by the hacker groups themselves, to keep the
> milw0rm crowd from re-owning their boxes.
>
> - -dave
> [1] http://blogs.zdnet.com/security/?p=167
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFGJGPetehAhL0gheoRAt73AJ9SKXbtxwBRPtpXMUu+u9KxqrgIwACeNwyd
> c9s7HYOfdDXQjHgprm5dFPw=
> =SwE/
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.immunitysec.com/pipermail/dailydave/attachments/20070417/32351812/attachment-0001.htm
More information about the Dailydave
mailing list