On Wed, Jan 04, 2006 at 05:58:16PM -0500,
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote
a message of 46 lines which said:
How many times do you propose we FTDT before we get fed up and ask
upper management to authorize a migration to some other software
with a better record? And how many more
Indeed. It's the security equivalent of the market can stay irrational
longer than you can stay solvent - perhaps we could reformulate that
as the users can remain clueless longer than your business can survive
the DDOS
On 1/5/06, Stephane Bortzmeyer [EMAIL PROTECTED] wrote:
On Wed, Jan 04, 2006 at
On Wed, 4 Jan 2006, Fred Heutte wrote:
My observation had more to do with the posturing of the security
vendors (anti-virus, firewall, IDS, etc.) and the broad range of
highly important experts who are all clamoring for attention on
this and on all the other everyday security issues out
At 01:40 AM 1/5/2006, Thomas Kuehling wrote:
Hi Eric
Am Mittwoch, den 04.01.2006, 08:14 -0800 schrieb Eric Frazier:
Hi,
I finally decided this was serious enough to do something about it sooner
than the MS patch, but while this seems to be the official link to the
SANS
patch
At 12:54 PM 1/5/2006, you wrote:
Thanks Thomas, something really useful. One thing I am still curious
about, I read that there were other image formats that can be used in an
exploit; GIF, .BMP, .JPG, .TIF can also be used, according to
F-Secure. I find this a little confusing, if that dll only
Howdy,
Here is the link to the unofficial patches creators site.
http://www.hexblog.com/ This is the one sans links to.
Sans seems to be having a hard day.. No Dshield mailings today either..
Isc.sans.org is sporadic as well..
Brance :)_S
-Original Message-
From: [EMAIL PROTECTED]
On Wed, 4 Jan 2006, Brance Amussen wrote:
Howdy,
Here is the link to the unofficial patches creators site.
http://www.hexblog.com/ This is the one sans links to.
Sans seems to be having a hard day.. No Dshield mailings today either..
Isc.sans.org is sporadic as well..
According to
Ilfak's server was overwhelmed -- the temporary 'path' is
not being hosted by CastleCops:
http://www.castlecops.com/forums.html
- ferg
-- Steve Sobol [EMAIL PROTECTED] wrote:
On Wed, 4 Jan 2006, Brance Amussen wrote:
Howdy,
Here is the link to the unofficial patches creators site.
not true
since we're educating folk who don't read all the standard security lists
and blogs, ...
from sans some hours ago
Ilfak's site is back, reduced to the bare minimum as it had very
high load. If you still can't reach it's possible that there is
some caching between you/your
On Wed, 4 Jan 2006, Fergie wrote:
Ilfak's server was overwhelmed -- the temporary 'path' is
not being hosted by CastleCops:
http://www.castlecops.com/forums.html
Just explain to your users the difference between clicking on links on the
site and other fix your PC links on the page which
More info. This seems pretty reasonable:
http://castlecops.com/a6445-WMF_Exploit_FAQ.html
Steve Gibson is also mirroring Guilfanov's bypass, and says
Microsoft's cryptographically signed but unreleased patch
is floating around the net now:
http://www.grc.com/sn/notes-020.htm
In my reading
On Wed, 04 Jan 2006 13:36:53 PST, Fred Heutte said:
In my reading this is a serious vulnerability, but the self-
inflating agitation in the security community has reached
a highly annoying level. I'm in the FTDT (fix the damn thing)
school; let's deal with it and get on with it. Every
I understand the frustration Valdis has with the Microsoft situation.
I've done my share of patching and updating and crawling under
desks and wrestling with Exchange Server and all the rest,
and fortunately (for my sanity) I'm not managing a few dozen
M$ desktops anymore.
My observation had
A few dozen?
Try 10,000. Or 20,000. Or more.
Believe me -- I am glad I'm a network plumber -- I don't envy
the administrative job of managing an enterprise boat-load of MS
desktops -- it's a nightmare. But it would perhaps be more of a
nightmare if they were not MS.
I've seen the scope
And if we can convince the PHBs that moving off of Windows is
(1) feasible, which is obvious; (2) manageable for them
(3) they won't end up like Peter Quinn
http://www.theregister.co.uk/2005/12/29/mass_odf_cio/
brandon
I understand the frustration Valdis has with the Microsoft situation.
I've done my share of patching and updating and crawling under
desks and wrestling with Exchange Server and all the rest,
and fortunately (for my sanity) I'm not managing a few dozen
M$ desktops anymore.
My
Martin Hannigan quoth:
Internet security problems at large haven't even reached the break
of dawn yet. Wait until every phone, toaster, baby intensive care
sensor, and car is hooked up.
Indeed, depending on how you look at it, Vint Cerf's formulation,
IP on everything, is either a promise