Forwarded from: Marc Maiffret <[EMAIL PROTECTED]> Exactly. I mean people should be happy that Microsoft turns features off by default. However, that should not be the scapegoat that is going to be used in the future for security flaws.
"Well it is not that critical because .asp ISAPI is turned off by default." heh Signed, Marc Maiffret Chief Hacking Officer eEye Digital Security T.949.349.9062 F.949.349.9538 http://eEye.com/Retina - Network Security Scanner http://eEye.com/Iris - Network Traffic Analyzer http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities | -----Original Message----- | From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf | Of InfoSec News | Sent: Tuesday, June 11, 2002 1:23 AM | To: [EMAIL PROTECTED] | Subject: RE: [ISN] Old code in Windows is security threat | | | Forwarded from: Andrew Weaver <[EMAIL PROTECTED]> | | Hmmm... So their "quickfix" is to set the insecure off by default. OK, but | what if I need the feature? Are they going to fix it or not? | | > -----Original Message----- | > From: InfoSec News [SMTP:[EMAIL PROTECTED]] | > Sent: Monday, June 10, 2002 1:13 PM | > To: [EMAIL PROTECTED] | > Subject: [ISN] Old code in Windows is security threat | > | > http://news.com.com/2100-1001-934363.html?tag=fd_top | > | > By Robert Lemos | > Staff Writer, CNET News.com | > June 9, 2002, 11:00 PM PT | > | > Microsoft will more quickly retire old code in its Windows operating | > system and other software as a result of the company's | > four-month-old "trustworthy computing" initiative, the company's | > lead bug basher said in an interview. | > | > The revelation follows last week's warning that a serious | > vulnerability in Microsoft's Internet Explorer occurred in the | > software supporting a decade-old protocol that has rarely been used | > since the World Wide Web became popular. | > | > "A lot of the (coming) design changes are to remove this feature or | > turn that one off by default," said Steve Lipner, director of | > security assurance for Microsoft and the man on the ground for the | > company's trustworthy computing initiative. | | [...] - ISN is currently hosted by Attrition.org To unsubscribe email [EMAIL PROTECTED] with 'unsubscribe isn' in the BODY of the mail.
