Re: [Full-disclosure] when did piracy/theft become expression of freedom
You want to be very careful with that line of thought. You are taking the creator the rightful owners profits, which they are entitled to if it is a product they created to be sold. You are confusing what you want - with what the law states. Theft is typically very widely defined in the law, not just what the dictionary states. When you make a copy, you are performing a step that the manufacturer takes with physical products. Just because copying software is easy does not mean the laws are so cut and dried around what is theft and what is not. If you take something by making yourself a copy, when the producer is the only authorized authority to make copies then you have committed theft. You also cannot steal electricity, check out Abstracting Electricity, but bypassing the meter is wrong in most jurisdictions. In the US you can be arrested and charged for riding in a stolen car, even if you really didn't know it was stolen, known as taking without consent or TWOC. In some jurisdictions you can be arrested and charged for going equipped for burglary mean you have implements of the trade on you - crowbars, lock picks etc. So I suppose in the US we are fortunate that having a copy of some previously defined hacking tools on a computer in our possession will not get us arrested - yet. The more you know... From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Laurelai Sent: Friday, January 27, 2012 12:51 AM To: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] when did piracy/theft become expression of freedom On 1/27/2012 2:24 AM, Jerry dePriest wrote: im going to the 'benz dealer in the morning to express my 1st amendment right... The Somalians are learning the hard way that it just isnt so... bma ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ Piracy: an act of robbery or criminal violence at sea Theft: the illegal taking of another person's property without that person's permission or consent with the intent to deprive the rightful owner of it Software copying: Occurs neither on the high seas and does not deprive the rightful owner of it. The more you know. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Rate Stratfor's Incident Response
No one lives in a server, but the server certainly occupies space somewhere. Even a VM runs in a physical space somewhere. If someone attacks my server in my home, I think of that as physically being in my home. If someone were to hack into my daughters webcam, and enable it to view her, I would certainly consider that the EXACT same as being in my house, on my property. And said person would incur the same fathers wrath as any other boy who attempted such a thing. Father has baseball bats (the 3 B's of being a father) and this father has other more powerful weapons to defend his family with. The people out there willing to do harm remotely should not forget that there are officers of the law who will come knocking with a very real physical presence, even though the attacker was in a virtual world. That's just one fathers take on things. -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of J. von Balzac Sent: Friday, January 13, 2012 10:01 AM To: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Rate Stratfor's Incident Response Really, calling it breaking in is a stretch. You connected a computer to a publicly accessible computer network, where anyone can send anything to your computer. If hacking such a system is breaking in, you might as well claim that shouting across your neighbor's yard is breaking in. Bzzzt. Bad analogy. A better one would be noticing your neighbor's garage door is open, walking across the street, entering the garage and rummaging around in his belongings. It's obvious that all analogies are bad -- the Internet is a reality onto itself and cannot, but more importantly *should* not be compared to the physical 3d reality. Internet has no law of gravity for instance, and certainly no garages. Please, just focus on what is relevant. Perhaps even take one step further back to determine what actually is relevant first. Stop comparing it to arbitrary things. No one lives in a server, so it's certainly not a house. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Full-Disclosure Digest, Vol 80, Issue 59
Once upon a time, yes. -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of throwaw...@columbus.rr.com Sent: Friday, October 14, 2011 8:49 AM To: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Full-Disclosure Digest, Vol 80, Issue 59 I'm sorry, I've been away for a while... Didn't this list used to be about security issues? myhosting.com - Premium Microsoft(r) Windows(r) and Linux web and application hosting - http://link.myhosting.com/myhosting ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [OT] Obama said: American people understand that not everybody's been following the rules
And I thought this wasn't a place for politics, I am certain there are forums for that - or your Twitter or Facebook page or whatever, just not here. -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Benjamin Krueger Sent: Wednesday, October 12, 2011 2:46 PM To: Paul Schmehl Cc: full-disclosure@lists.grok.org.uk; Zach C. Subject: Re: [Full-disclosure] [OT] Obama said: American people understand that not everybody's been following the rules I thought the trolls made FD noisy and difficult to read. Boy was I wrong. On Oct 12, 2011, at 2:17 PM, Paul Schmehl wrote: --On October 12, 2011 11:00:32 AM -0700 Zach C. fxc...@gmail.com wrote: Indeed? Are they supposed to be taking pictures of events with handmade cameras? Wearing clothes they made from the ground up? Not shaving or shaving with crudely-fashioned makeshift blades from spare metal? The usage of corporate products does not disqualify one from criticizing those corporations, their behaviors, their products or the government. No, but it certainly does make one a hypocrite. At least partially because it's practically unavoidable for most people. Are you honestly saying they should have just spread local word of mouth in their area and hoped it would sweep the country because that wouldn't have used any corporate resources? That is a most inefficient way of moving people, especially with a news media that is proving actively hostile to those who are admittedly threatening its cushy seat. Isn't that interesting? They want to get rid of all the corps, yet they don't want to do without their products because it would be a most inefficient way of moving people If you can't see the irony and hypocrisy of that position, you might be a liberal. Oh, 'scuse me, progressive. -- Paul Schmehl, Senior Infosec Analyst As if it wasn't already obvious, my opinions are my own and not those of my employer. *** It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead. Thomas Jefferson There are some ideas so wrong that only a very intelligent person could believe in them. George Orwell ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] “We keep wiping it off, and it keeps coming back”
I know in the old days (15 years ago) – there were networks that were completely separate from the outside world. I remember trying to do telephone tech support to someone on a secure network… Tell him to do “this” He puts down the phone, goes through physical security, tries “this” He comes back though security picks up phone talks to me. Security allowed nothing that looked like portable storage in or out of the secure area. Rinse. Repeat. Couldn’t even place outside voice calls from the secure network area. I don’t know if they do this today. I also know that there used to be setups with removable hard drives where one drive connected you to the secure network and yet another drive connected to the unsecure network. – Two different network cards each enabled for different networks. The good old days From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Thor (Hammer of God) Sent: Monday, October 10, 2011 10:36 AM To: Christian Sciberras; Michael T Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] “We keep wiping it off, and it keeps coming back” Consider the source. It’s “someone close” to the operations, and that only according to this guy. It could very well be a slot-puller in the casino across the street… I’m always dubious of the reporting of this type of thing where the source is some “secret” person, and where there is never any ability to refute claims. t From: full-disclosure-boun...@lists.grok.org.ukmailto:full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk]mailto:[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Christian Sciberras Sent: Monday, October 10, 2011 7:05 AM To: Michael T Cc: full-disclosure@lists.grok.org.ukmailto:full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] “We keep wiping it off, and it keeps coming back” I'm talking more about their engineers than their network. If I had my network infected with a virus, I'd immediately deploy some form of logging/monitoring tool (eg, wireshark). Honestly, it all sounds like they're employing inexperienced engineers. Which is again strange, considering the field they're in. Regarding your bet, see that's already something. Why exactly can't they verify your bet? It isn't like viruses suddenly became invisible, is it? I'm just curious to these questions. It's strange to hear someone saying we basically have no idea what's going on. On Mon, Oct 10, 2011 at 3:40 PM, Michael T mt2410...@gmail.commailto:mt2410...@gmail.com wrote: It's a network that's 'detached', or 'segregated', or whatevered from the rest of the world, so it's 'largely immune to viruses'. That likely means they have: 1. NO logging 2. NO anti-virus 3. NO hardening The very fact that these systems are on a segregated network means they are probably more frail, and more susceptible to viruses, than a normal person's laptop. Immune to viruses... What a crock of shit. My bet is that it's coming from the planes. Mike On Mon, Oct 10, 2011 at 7:51 AM, Christian Sciberras uuf6...@gmail.commailto:uuf6...@gmail.com wrote: http://www.wired.com/dangerroom/2011/10/virus-hits-drone-fleet/ This is news to me. Moreover, I'm a bit confused as to how they don't track how it's coming back. I mean, how is it possible that no one stepped in and analyzed how the virus acts and where it came from? It sounds fish if you ask me. Chris. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] 0day Full disclosure: American Express
A lot of the banking industry uses lowercase only. Easier to type form a telephone handset. Legacy system suckage. From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Rack911 Security Lists Sent: Monday, October 10, 2011 10:58 AM To: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] 0day Full disclosure: American Express American express also utilizing case-insensitive password storing. On 10/5/2011 11:55 PM, John Doe wrote: http://qnrq.se/full-disclosure-american-express/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] “We keep wiping it off, and it keeps coming back”
I have no idea, I assume – this is usually what they mean when they talk about an “air barrier” From: evejou [mailto:g...@techn0ev3.net] Sent: Monday, October 10, 2011 1:04 PM To: Michael Schmidt Cc: Thor (Hammer of God); Christian Sciberras; Michael T; full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] “We keep wiping it off, and it keeps coming back” As someone kind of young (and thus no historical recollection), I'm kind of surprised that this is talked about in past-tense. Does this not happen anymore? I could see how this could get super annoying after awhile. On Mon, Oct 10, 2011 at 2:09 PM, Michael Schmidt mschm...@drugstore.commailto:mschm...@drugstore.com wrote: I know in the old days (15 years ago) – there were networks that were completely separate from the outside world. I remember trying to do telephone tech support to someone on a secure network… Tell him to do “this” He puts down the phone, goes through physical security, tries “this” He comes back though security picks up phone talks to me. Security allowed nothing that looked like portable storage in or out of the secure area. Rinse. Repeat. Couldn’t even place outside voice calls from the secure network area. I don’t know if they do this today. I also know that there used to be setups with removable hard drives where one drive connected you to the secure network and yet another drive connected to the unsecure network. – Two different network cards each enabled for different networks. The good old days From: full-disclosure-boun...@lists.grok.org.ukmailto:full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.ukmailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Thor (Hammer of God) Sent: Monday, October 10, 2011 10:36 AM To: Christian Sciberras; Michael T Cc: full-disclosure@lists.grok.org.ukmailto:full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] “We keep wiping it off, and it keeps coming back” Consider the source. It’s “someone close” to the operations, and that only according to this guy. It could very well be a slot-puller in the casino across the street… I’m always dubious of the reporting of this type of thing where the source is some “secret” person, and where there is never any ability to refute claims. t From: full-disclosure-boun...@lists.grok.org.ukmailto:full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk]mailto:[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Christian Sciberras Sent: Monday, October 10, 2011 7:05 AM To: Michael T Cc: full-disclosure@lists.grok.org.ukmailto:full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] “We keep wiping it off, and it keeps coming back” I'm talking more about their engineers than their network. If I had my network infected with a virus, I'd immediately deploy some form of logging/monitoring tool (eg, wireshark). Honestly, it all sounds like they're employing inexperienced engineers. Which is again strange, considering the field they're in. Regarding your bet, see that's already something. Why exactly can't they verify your bet? It isn't like viruses suddenly became invisible, is it? I'm just curious to these questions. It's strange to hear someone saying we basically have no idea what's going on. On Mon, Oct 10, 2011 at 3:40 PM, Michael T mt2410...@gmail.commailto:mt2410...@gmail.com wrote: It's a network that's 'detached', or 'segregated', or whatevered from the rest of the world, so it's 'largely immune to viruses'. That likely means they have: 1. NO logging 2. NO anti-virus 3. NO hardening The very fact that these systems are on a segregated network means they are probably more frail, and more susceptible to viruses, than a normal person's laptop. Immune to viruses... What a crock of shit. My bet is that it's coming from the planes. Mike On Mon, Oct 10, 2011 at 7:51 AM, Christian Sciberras uuf6...@gmail.commailto:uuf6...@gmail.com wrote: http://www.wired.com/dangerroom/2011/10/virus-hits-drone-fleet/ This is news to me. Moreover, I'm a bit confused as to how they don't track how it's coming back. I mean, how is it possible that no one stepped in and analyzed how the virus acts and where it came from? It sounds fish if you ask me. Chris. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- --- g...@techn0ev3.netmailto:g...@techn0ev3.net Finché c'è vita, c'è speranza. As long as there is life, there is hope. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk
Re: [Full-disclosure] Wipe off, rub out, reappear...
My worst nightmare is that it's something like this We wipe the virus from the network, then when Bob uses his flash drive for a map update we get it again, weird huh? From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Christian Sciberras Sent: Monday, October 10, 2011 3:03 PM To: Daniel Sichel Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Wipe off, rub out, reappear... Well, it SHOULDN'T happen to people that are supposedly trained to overcome such issues. It's like engineers are inexperienced prior to a nuclear reactor meltdown. While I wouldn't expect the engineers to have first-hand experience in dealing with such issues, it still doesn't excuse them from know what they're doing. On Mon, Oct 10, 2011 at 10:22 PM, Daniel Sichel dani...@ponderosatel.commailto:dani...@ponderosatel.com wrote: Somebody posted the following; I'm just curious to these questions. It's strange to hear someone saying we basically have no idea what's going on. Doesn't sound funny to me, happens to me all the time. That's how I learn. Dan S. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Wipe off, rub out, reappear...
If its bot net code and it is behind an air barrier then it will never phone home. They can take their time to kill it because it will never get instructions to do anything. If it's something more destructive then maybe they need to call in someone more experienced. But it does not sound destructive and it does sound like it is on a disconnected network. From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of xD 0x41 Sent: Monday, October 10, 2011 3:53 PM To: Daniel Sichel Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Wipe off, rub out, reappear... I will say, with Botnets, and bots in general, i dont see much talented people on FD... although, seems many can decrypt them, so, makes me wonder , it is a train-of-thought also, i guess this is where hat colors take control.. black hats would say, go read some bot src and wake up FD, while white hats would say, but we can just kill it anyhow...' oh, we decrypted it... etc... another pintless neverneding arguement.. On 11 October 2011 07:22, Daniel Sichel dani...@ponderosatel.commailto:dani...@ponderosatel.com wrote: Somebody posted the following; I'm just curious to these questions. It's strange to hear someone saying we basically have no idea what's going on. Doesn't sound funny to me, happens to me all the time. That's how I learn. Dan S. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] 0day Full disclosure: American Express
Yeah, cause those robots always, always, always obey the robots file... :-) -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Carlos Alberto Lopez Perez Sent: Thursday, October 06, 2011 2:54 AM To: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] 0day Full disclosure: American Express On 06/10/11 08:55, John Doe wrote: http://qnrq.se/full-disclosure-american-express/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ American Express admins looks really worried by security At least they thought about the remote possibility of google indexing the admin panel, so they disabled it at https://www.americanexpress.com/robots.txt smart move :-) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission
Someone’s just not reading the bulletins – Note the term “Remote” – including webdav, so a share that could be fully controlled by the exploiter. At least that is what I am understanding. Updates released on September 13, 2011 Microsoft Security Bulletin MS11-071, Vulnerability in Windows Components Could Allow Remote Code Execution, provides support for vulnerable components of Microsoft Windows that are affected by the Insecure Library Loading class of vulnerabilities described in this advisory. Microsoft Security Bulletin MS11-073, Vulnerabilities in Microsoft Office Could Allow Remote Code Execution, provides support for vulnerable components of Microsoft Office that are affected by the Insecure Library Loading class of vulnerabilities described in this advisory. From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of adam Sent: Thursday, September 15, 2011 3:27 PM To: secur...@acrossecurity.com Cc: full-disclosure@lists.grok.org.uk; bugt...@securityfocus.com Subject: Re: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission I'm afraid you don't fully understand the issue. This is not about placing your own DLL on a local machine so that a chosen application will load it (i.e., user attacking an application on his own computer). I'm not sure you understood the point. That being, whether the user knowingly or unknowingly loads the malicious DLL - the application will be effected the same either way. To that point: it's been possible for over a decade (and perhaps even longer) so pretending that it's some brand new threat that needs to be dealt with immediately is foolish. possibly on a remote share - and executing its code (i.e., attacker with zero privileges on user's computer executing code on that computer). Zero privileges? So having write access to a share that the user accesses/loads files from - what do you call that? This is a social engineering attack - absolutely nothing more. On a related note: have you also contacted Linus about LD_PRELOAD? On Thu, Sep 15, 2011 at 5:05 PM, ACROS Security Lists li...@acros.simailto:li...@acros.si wrote: Hi Adam, I'm afraid you don't fully understand the issue. This is not about placing your own DLL on a local machine so that a chosen application will load it (i.e., user attacking an application on his own computer). It is about an application running on your computer silently grabbing a malicious DLL from attacker-controlled location - possibly on a remote share - and executing its code (i.e., attacker with zero privileges on user's computer executing code on that computer). I hope this helps a little. Cheers, Mitja -Original Message- From: iaretheb...@gmail.commailto:iaretheb...@gmail.com [mailto:iaretheb...@gmail.commailto:iaretheb...@gmail.com] On Behalf Of adam Sent: Thursday, September 15, 2011 11:26 PM To: Thor (Hammer of God) Cc: secur...@acrossecurity.commailto:secur...@acrossecurity.com; Christian Sciberras; full-disclosure@lists.grok.org.ukmailto:full-disclosure@lists.grok.org.uk; bugt...@securityfocus.commailto:bugt...@securityfocus.com Subject: Re: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission Plus: pretending that you're on the same page as Microsoft (from a security standpoint) to further your own argument is more damaging than it is beneficial. The entire binary planting concept was flawed from the very beginning. If you can drop a binary file on a user's machine - make it an executable and be done with it. There's nothing fancy or innovative about forcing applications to use specific DLLs - script kiddies have been doing it for over 10 years to inject custom code in multiplayer games. On Thu, Sep 15, 2011 at 3:59 PM, Thor (Hammer of God) t...@hammerofgod.commailto:t...@hammerofgod.com wrote: I'm curious. Who is your contact at MSFT? Who is it that has told you they have a Binary Planting Clean-up Mission and where do they mention you as having anything to do with it? If you are going to claim MSFT's actions as substantive to your agenda, how about provide some details? t -Original Message- From: ACROS Security Lists [mailto:li...@acros.simailto:li...@acros.si] Sent: Thursday, September 15, 2011 1:41 PM To: 'Christian Sciberras' Cc: Thor (Hammer of God); full-disclosure@lists.grok.org.ukmailto:full-disclosure@lists.grok.org.uk; bugt...@securityfocus.commailto:bugt...@securityfocus.com Subject: RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission Hey Chris, I bet Microsoft actually like stating they just fixed yet another severe bug. Zero-day fixing is big business, you knoweven if zero is past a few days. I don't think Microsoft gains much from being able to say they fixed yet another bug