Re: [Full-disclosure] WMF round-up, updates and de-mystification

2006-01-05 Thread Scott Renna
You should read the section entitled FAQ: How does the extended support for Windows 98, Windows 98 Second Edition, and Windows Millennium Edition affect the release of security updates for these operating systems? For these versions of Windows, Microsoft will only release security updates for

Re: [Full-disclosure] WMF round-up, updates and de-mystification

2006-01-05 Thread Anthony R. Nemmer
Microsoft just released patches for this vulnerability: http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx Unfortunately there are no Microsoft patches for this critical exploit for Win 98, Win 98 SE, or Win 98 ME. Millions of people still use these operating systems. Why didn'

Re: [Full-disclosure] WMF round-up, updates and de-mystification

2006-01-05 Thread InfoSecBOFH
Listen here Larry... stick to helping bullshit infosec companies use you to pimp their products. I have specific examples but have no reason or motivation to share them with the likes of fuckbag reporters like you. You think that because some so-called security company isn't reporting it makes it

Re: [Full-disclosure] WMF round-up, updates and de-mystification

2006-01-05 Thread InfoSecBOFH
Try some English as a second language courses fuckbag On 1/3/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > he try to be good , but everyone remember his shit talks firing about > netdev & cie , nice try .. > > InfoSecBOFH wrote: > > So this

Re: [Full-disclosure] WMF round-up, updates and de-mystification

2006-01-05 Thread InfoSecBOFH
lto:[EMAIL PROTECTED] > Sent: Tuesday, January 03, 2006 6:35 AM > To: Gadi Evron > Cc: bugtraq@securityfocus.com; FunSec [List]; > full-disclosure@lists.grok.org.uk > Subject: Re: [Full-disclosure] WMF round-up, updates and de-mystification > > So this patch is trusted beca

Re: [Full-disclosure] WMF round-up, updates and de-mystification

2006-01-04 Thread Crist J. Clark
On Tue, Jan 03, 2006 at 06:49:53AM -0500, Larry Seltzer wrote: [snip] > All that said, it's clear to me that the rush to adopt this patch is > precipitous. For instance, it's largely unnecessary on Windows 9x, NT, and > 2K, unless you rely on a specifically vulnerable app, like Notes. I have seen

e: [funsec] RE: [Full-disclosure] WMF round-up, updates and de-mystification]

2006-01-03 Thread Matthew Murphy
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Peter Ferrie wrote: >>In this URL you can find the best write-up I have seen on the WMF issue: >>http://blogs.securiteam.com/index.php/archives/167 >>By Matthew Murphy at the "Securiteam Blogs". > > > And yet, he calls it a bug, which it isn't. >

Re: [Full-disclosure] WMF round-up, updates and de-mystification

2006-01-03 Thread [EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 he try to be good , but everyone remember his shit talks firing about netdev & cie , nice try .. InfoSecBOFH wrote: > So this patch is trusted because you said so? > > I have tested and confirmed that this patch only works in specific > scenarios an

Re: [Full-disclosure] WMF round-up, updates and de-mystification

2006-01-03 Thread gat0r
If you are still running windows 98 or ME, you are just plain wrong... On 1/3/06 11:35 AM, "Nancy Kramer" <[EMAIL PROTECTED]> wrote: > Hello All, > > I went to the patch site mentioned although I am currently running a > version of Windows it supposedly cannot help. Downloaded and ran the >

RE: [Full-disclosure] WMF round-up, updates and de-mystification

2006-01-03 Thread Peter Ferrie
>In this URL you can find the best write-up I have seen on the WMF issue: >http://blogs.securiteam.com/index.php/archives/167 > >By Matthew Murphy at the "Securiteam Blogs". And yet, he calls it a bug, which it isn't. It's actually a feature, i

Re: [Full-disclosure] WMF round-up, updates and de-mystification

2006-01-03 Thread InfoSecBOFH
On 1/3/06, Gadi Evron <[EMAIL PROTECTED]> wrote: > A small BUT IMPORTANT correction for future generations: > The 0day was originally found and reported by Hubbard Dan from Websense > on a closed vetted security mailing list, and later on at the Websense > public page. All those who took credit fo

Re: [Full-disclosure] WMF round-up, updates and de-mystification

2006-01-03 Thread InfoSecBOFH
So this patch is trusted because you said so? I have tested and confirmed that this patch only works in specific scenarios and does not mitigate the entire issue. Variations still work. On 1/3/06, Gadi Evron <[EMAIL PROTECTED]> wrote: > Quite a bit of confusing and a vast amount of information

Re: [Full-disclosure] WMF round-up, updates and de-mystification

2006-01-03 Thread Nancy Kramer
Hello All, I went to the patch site mentioned although I am currently running a version of Windows it supposedly cannot help. Downloaded and ran the vulnerability check program there expecting it to say that my system is vulnerable. Interestingly it said it was not vulnerable. I run Free

[Full-disclosure] WMF round-up, updates and de-mystification

2006-01-03 Thread Gadi Evron
Quite a bit of confusing and a vast amount of information coming from all directions about the WMF 0day. Here are some URLs and generic facts to set us straight. The "patch" by Ilfak Guilfanov works, but by disabling a DLL in Windows. So far no problems have been observed by anyone using this