-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, Jan 20, 2010 at 2:20 PM, Juha-Matti Laurio <[email protected]> wrote:
> F-Secure's Hyppönen said they were wrong: > "Updated to add: We were wrong, the attack was done with an IE 0-day > attack instead." > > http://www.f-secure.com/weblog/archives/00001854.html > > And > http://blogs.adobe.com/conversations/2010/01/idefense_putting_speculation > s.html > > http://blogs.verisign.com/idefense/ > > Juha-Matti > I've got to agree with Joe Stewart here: "Stewart also said that he believes some of the companies compromised in this set of attacks may have been hit with exploits other than the Internet Explorer zero day that Microsoft is planning to fix with an emergency patch on Thursday." http://threatpost.com/en_us/blogs/aurora-attack-malware-components-may-be-f our-years-old-012010 While it may be true that Google, Adobe, et al., may have been exploited by the IE 0-Day, it is clearly evident to me that other organizations were targeted with malicious PDFs. $.02, - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) wj8DBQFLV4NYq1pz9mNUZTMRAmWqAJ0XHLKjKMCaHLs0Guv4wNDfAuerCgCgydEs OKfH5VzKuz/a+MmSbUbGOVE= =majC -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
