Dear all,
Gadi Evron is a brilliant genius, much smarter than Thomas Lim.
J
On Tue, 12 Jun 2007 16:21:56 -0400 [EMAIL PROTECTED] wrote:
On 2007-06-13 02:58+0800, Thomas Lim wrote:
dear all
Dear all, this is not a 0day, it is a public release of a responsibly
disclosed vulnerability.
Thank
dear all,
thanks for this nice thread.
[EMAIL PROTECTED] wrote:
On 2007-06-13 02:58+0800, Thomas Lim wrote:
dear all
Dear all, this is not a 0day, it is a public release of a responsibly
disclosed vulnerability.
Yes, indeed it *seems* so:
On 6/13/07, Joanna Rutkowska [EMAIL PROTECTED] wrote:
One (I guess some responsible disclosure purist) could ask why they
waited 6 months before reporting this vulnerability to the vendor? What
were they doing with this exploit for the whole 6 months?
maybe they were waiting for VistaX64 to
On Tue, 12 Jun 2007 [EMAIL PROTECTED] wrote:
Dear all, this is not a 0day
The author never claimed so; in fact, the subject line clearly states it's
a O-day, not a 0-day.
This presumably denotes Saint Onuphrius, commemorated on the day this
advisory got published.
You can now admit to a
What is funny however, is that Microsoft, the great supporter of
responsible disclosure actually is the main sponsor (patron) of the
SyScan conference: http://syscan.org/ which is organized by Thomas.
Maybe it's a sign that Microsoft realized that free responsible
disclosure idea is a bit
dear all
SChannel Off-By-One Heap Corruption
===
Discovery Date:
28th August 2006
Date reported to Microsoft:
19th March 2007
Summary:
The Secure Channel (SChannel) library on WinXP-SP1/SP2 is vulnerable to
an off-by-one heap buffer overwrite. The SChannel
-Original Message-
From: Thomas Lim [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk full-disclosure@lists.grok.org.uk;
[EMAIL PROTECTED] [EMAIL PROTECTED]; [EMAIL PROTECTED] [EMAIL PROTECTED]
Sent: Tue Jun 12 14:58:24 2007
Subject: Windows Oday release
dear all
SChannel
On 2007-06-13 02:58+0800, Thomas Lim wrote:
dear all
Dear all, this is not a 0day, it is a public release of a responsibly
disclosed vulnerability.
Thank you for sharing your research,
Gadi.
SChannel Off-By-One Heap Corruption
===
Discovery Date:
28th