Indeed. The same way people who do not know the difference between "you mind" and "your mind" should be shot. "common sense"? Not very "common" at all.
Sent from my iPhone 4

On 16/09/2011, at 16:06, "Mikhail A. Utin" <[email protected]> wrote:

> Mitja,
> You, unfortunately, did not get it. It is not about Microsoft, it is about
> you guys who do not make things better but put all you mind in doing things
> worse. Use common sense in whatever you do. Innovating hacks beyond and above
> "black hats" does not really help people being more secure.
>
> Mikhail A. Utin, CISSP
> Information Security Analyst
>
> -----Original Message-----
> From: ACROS Security Lists [mailto:[email protected]]
> Sent: Thursday, September 15, 2011 3:54 PM
> To: 'Thor (Hammer of God)'
> Cc: [email protected]; [email protected]
> Subject: RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission
>
> Hi Thor,
>
> Thank you very much for sharing your point of view. If Microsoft thought the
> same though, they probably wouldn't be fixing these bugs. I suppose they
> don't "understand what security really is" the same way we don't. ;-)
>
> Regards,
> Mitja
>
>> -----Original Message-----
>> From: Thor (Hammer of God) [mailto:[email protected]]
>> Sent: Thursday, September 15, 2011 6:11 PM
>> To: [email protected]; [email protected];
>> [email protected]; [email protected]; [email protected]
>> Subject: RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up
>> Mission
>>
>> From your blog:
>>
>> "While we know there's still a lot of cleaning up to do in their
>> binary planting closet, our research-oriented minds remain challenged
>> to find new ways of exploiting these critical bugs and bypassing new
>> and old countermeasures. In the end, it was our research that got the
>> ball rolling and it would be a missed opportunity for everyone's
>> security if we didn't leverage the current momentum and keep
>> researching. "
>>
>> I would change that around a bit. I would say "our self-serving and
>> marketing-oriented minds remain challenged to understand what security
>> really is, but regardless, continue to find ways of trying to convince
>> people this represents an actual security threat. In the end, it was
>> our research that falsely created security concerns and confusion
>> where time was better spent really doing just about anything else, but
>> it would have been a missed opportunity to get our names in the media
>> to sell our security services."
>>
>> t
>>
>>> -----Original Message-----
>>> From: [email protected]
>>> [mailto:full-disclosure-[email protected]] On Behalf Of ACROS
>>> Security Lists
>>> Sent: Thursday, September 15, 2011 3:05 AM
>>> To: [email protected]; [email protected];
>>> [email protected]; [email protected]
>>> Subject: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission
>>>
>>> Our new blog post describes some recent changes Microsoft introduced to
>>> fight against binary planting exploits. The most recent change was the
>>> removal of a vulnerable COM server on Windows XP which we used in our
>>> proof of concept at Hack In The Box Amsterdam in May.
>>>
>>> Read the post to find out what else is hiding in the "COM server binary
>>> planting" closet and what to do to get our PoC back to life.
>>>
>>> http://blog.acrossecurity.com/2011/09/microsofts-binary-planting-clean-up.html
>>>
>>> or
>>>
>>> http://bit.ly/qWyKph
>>>
>>> Enjoy the reading!
>>>
>>> Mitja Kolsek
>>> CEO&CTO
>>>
>>> ACROS, d.o.o.
>>> Makedonska ulica 113
>>> SI - 2000 Maribor, Slovenia
>>> tel: +386 2 3000 280
>>> fax: +386 2 3000 282
>>> web: http://www.acrossecurity.com
>>> blg: http://blog.acrossecurity.com
>>>
>>> ACROS Security: Finding Your Digital Vulnerabilities Before Others Do
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
