RE: How Visual Studio Makes Your Applications Vulnerable to Binary Planting

2010-10-26 Thread Michael Wojcik
through other vectors). Plenty of developers use Visual Studio to create non-MFC applications. And at least a few of us use Microsoft toolchains and libraries without the enormous pile of VS overhead. (Whether there's anyone in the latter group who uses MFC is another question.) -- Michael Wojcik

RE: Ghostscript 8.64 executes random code at startup

2010-06-01 Thread Michael Wojcik
name be overridden by an environment variable. -- Michael Wojcik Principal Software Systems Developer, Micro Focus

RE: Samba Remote Zero-Day Exploit

2010-02-09 Thread Michael Wojcik
From: Stefan Kanthak [mailto:stefan.kant...@nexgo.de] Sent: Monday, 08 February, 2010 16:33 Michael Wojcik wrote: From: Stefan Kanthak [mailto:stefan.kant...@nexgo.de] Sent: Saturday, 06 February, 2010 08:21 Since Windows 2000 NTFS supports junctions, which pretty much resemble

RE: Samba Remote Zero-Day Exploit

2010-02-08 Thread Michael Wojcik
, via Services for Unix; but at least in SFU 2.0, symlinks were just files with a special format, not reparse points.) The Windows SMB server apparently won't cross reparse points, though, so there's no equivalent vulnerability. -- Michael Wojcik Principal Software Systems Developer, Micro Focus

RE: Sun M-class hardware denial of service

2008-09-10 Thread Michael Wojcik
, but not necessarily in others, can 1) force that domain down for an extended time, and/or 2) force all domains down. Privilege isn't an absolute; there are degrees of privilege, and this bug lets a user do more damage than their degree of privilege should allow. -- Michael Wojcik Principal Software

RE: Arbitrary Code Execution in Commands: K, Control-], g]

2008-08-25 Thread Michael Wojcik
/6ad2d5b50a96668e [2] http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e [3] http://groups.google.com/group/vim_dev/msg/dd32ad3a84f36bb2 -- Michael Wojcik Principal Software Systems Developer, Micro Focus

RE: AS/400 Vulnerabilities

2008-06-13 Thread Michael Wojcik
implications, and the '400 has shown that they're commercially viable. Intel's early effort at a capability architecture (the 432) died because it couldn't compete on performance, but the long life of the '400 suggests that perhaps the time is right to try again. -- Michael Wojcik Principal

RE: Securify bulletin: Microsoft Active Directory Denial-of-service

2008-06-13 Thread Michael Wojcik
-SSL. -- Michael Wojcik Principal Software Systems Developer, Micro Focus

RE: function sleep() in all versions of PHP

2008-05-28 Thread Michael Wojcik
? -- Michael Wojcik Principal Software Systems Developer, Micro Focus

RE: Recent Web Hacks: WHID update for Janury 30th 2008

2008-01-30 Thread Michael Wojcik
. -- Michael Wojcik Principal Software Systems Developer, Micro Focus

RE: Solaris telnet vulnberability - how many on your network?

2007-02-20 Thread Michael Wojcik
? What about login -z asdfasdf? (I know what they do on a couple of older Solaris boxes I happen to have, but I'll leave this as an exercise for the reader.) -- Michael Wojcik Principal Software Systems Developer, Micro Focus

RE: Firefox: about:blank is phisher's best friend

2007-02-20 Thread Michael Wojcik
, produced a window with the title about: - Google - Mozilla Firefox on my test system (once I had NoScript temporarily allow Javascript from your site). I don't know offhand why I got the about: - prefix; perhaps because NoScript disables Javascript from about:blank by default? -- Michael Wojcik

RE: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?

2007-02-13 Thread Michael Wojcik
sure it was known well before then. -- Michael Wojcik Principal Software Systems Developer, Micro Focus

RE: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems

2006-08-17 Thread Michael Wojcik
in popular languages for managing concurrency, such as explicit exclusive control of shared resources, help, but they leave far too much to some of the least reliable parts of the system - the coder's attention, memory, and imagination. -- Michael Wojcik Principal Software Systems Developer, Micro

RE: gcc 4.1 bug miscompiles pointer range checks, may place you at risk

2006-04-18 Thread Michael Wojcik
be infelicitous, but it is not, properly speaking, a bug. -- Michael Wojcik Principal Software Systems Developer, Micro Focus

RE: Microsoft Windows CreateRemoteThread Exploit

2005-12-02 Thread Michael Wojcik
successfully open a security-critical process has already won. -- Michael Wojcik Principal Software Systems Developer, Micro Focus

RE: Observation on randomization/rebiasing...

2003-02-06 Thread Michael Wojcik
convincing users and programmers to adopt even its uncontroversial recommendations; I doubt you'll get any traction with this one. Michael Wojcik Principal Software Systems Developer, Micro Focus

RE: When scrubbing secrets in memory doesn't work

2002-11-17 Thread Michael Wojcik
prompted more discussion than it warrants. There is a portable way to prevent the dead-store-elimination problem, but that's only one of scrubbing's many failings. Michael Wojcik Principal Software Systems Developer, Micro Focus

RE: When scrubbing secrets in memory doesn't work

2002-11-12 Thread Michael Wojcik
Reposted. -Original Message- From: Michael Wojcik Sent: Wednesday, November 06, 2002 12:25 AM To: 'Michael Howard' Cc: [EMAIL PROTECTED] Subject: RE: When scrubbing secrets in memory doesn't work From: Michael Howard [mailto:mikehow;microsoft.com] Sent: Tuesday, November 05

RE: Messenger/Hotmail passwords at risk

2001-07-16 Thread Michael Wojcik
== pw-2] H(password || pad || known-string || password) [pad pw to full block] The simplest of these, in terms of retrofitting existing systems that use one of the constructions Ishikawa mentions, is H(password || H(password || known-string)) Michael Wojcik [EMAIL

Re: Invisible file extensions on Windows

2001-03-31 Thread Michael Wojcik
r their names, but that's a small price to pay for actually being able to see what's going on. Michael Wojcik [EMAIL PROTECTED] MERANT Department of English, Miami University