To be specific, it actually doesn't require a client cert in the strictest
sense. You can configure certificate parameters on the server in such a way
that certificate trust chains must be honored (close enough) but if you want
true client authentication based on a certificate, you would have
On 6/10/2010 9:10 AM, Thor (Hammer of God) wrote:
To be specific, it actually doesn't require a client cert in the
strictest sense.
But I thought it could be configured to require a client cert?
You can configure certificate parameters on the
server in such a way that certificate trust
Mandriva Linux Security Advisory MDVSA-2010:113
http://www.mandriva.com/security/
I'm not an enterprise customer, but I am a mouthy female. So here's my
question back to you, for my education, how exactly did MSRC contact you
back?
Since June 5th have you tried emailing back or any of your contacts from
past interactions and asked what was up? I'm disappointed in this
So, with TSG things are a bit different. You don't have to have a client cert,
but in order to connect to TSG you have to have the MSFT 6.1+ RDP client. As
such, the client can test the server's cert and see if you (the client) trust
it. If not, you can't connect.
This differs from a
Hey Jeffery - sorry for the top post reply... What I was saying (in response
to Larry) is that requiring a VPN to connect first doesn't necessarily buy
you anything from a security perspective as opposed to directly publishing
terminal services. What I meant to say (though I didn't
I'm not asking about disclosure. I'm asking what happened to the level
of communication between you and MSRC that after 4 days you posted this?
Tavis Ormandy wrote:
Susan, I wish I had the time to hold your hand through getting up to
speed on the disclosure debate. Instead, I would suggest
Nope Mr. Live, other than dealing with .NET updates and a 982331 that
keeps wanting to have UAC turned off on some Win7/Vistas to get
installed, this is just my normal calm, try to also consider the
consumers' and patchers' viewpoint person today.
musnt live wrote:
On Thu, Jun 10, 2010 at
You commented that Microsoft needs to address a communication problem.
It's irrelevant to the full disclosure issue in my mind.
I'd honestly like to know if there is a breakdown in communication at
the MSRC that needs to be addressed. It appears there is one?
Tavis Ormandy wrote:
Susan,
Susan, if you want my advice, don't even bother with Mr Live.
Cheers.
On Thu, Jun 10, 2010 at 6:26 PM, Susan Bradley sbrad...@pacbell.net wrote:
You commented that Microsoft needs to address a communication problem.
It's irrelevant to the full disclosure issue in my mind.
I'd honestly
Tavis,
Nice find, but during our analysis we discovered that your hotfix
unfortunately is inadequate.
For more information see:
http://secunia.com/blog/103/
Removing the HCP URI handler seems like the only proper workaround as of
now.
/Thomas
On Thu, 2010-06-10 at 01:46 +0200, Tavis Ormandy
iDefense Security Advisory 06.10.10
http://labs.idefense.com/intelligence/vulnerabilities/
Jun 10, 2010
I. BACKGROUND
Adobe Flash Player is a very popular Web browser plugin. It is available
for multiple Web browsers and platforms, including Windows, Linux and
MacOS. Flash Player enables Web
ZDI-10-107: Multiple Sourcefire Products Static Web SSL Keys Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-107
June 10, 2010
-- Affected Vendors:
Sourcefire
-- Affected Products:
Sourcefire 3D Sensor 1000
Sourcefire 3D Sensor 2000
Sourcefire 3D Sensor 9900
Sourcefire Defense
iDefense Security Advisory 06.10.10
http://labs.idefense.com/intelligence/vulnerabilities/
Jun 10, 2010
I. BACKGROUND
Adobe Flash Player is a very popular Web browser plugin. It is available
for multiple Web browsers and platforms, including Windows, Linux and
MacOS. Flash Player enables Web
On 10 Jun 2010 at 9:30, Marsh Ray wrote:
On 6/10/2010 9:10 AM, Thor (Hammer of God) wrote:
To be specific, it actually doesn't require a client cert in the
strictest sense.
But I thought it could be configured to require a client cert?
Some users would probably be content using stunnel
iDefense Security Advisory 06.07.10
http://labs.idefense.com/intelligence/vulnerabilities/
Jun 07, 2010
I. BACKGROUND
WebKit is an open source web browser engine. It is currently used by
Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For
more information, see the vendor's