Peter Laborge, 2005-11-22
Zero-day IE exploit
2005-11-22
Don Parker (1 replies)
Re: Zero-day IE exploit
2005-11-23
Dbtech
Microsoft pay?? For the good of their customers??
That isn't how they got so rich.. a while back I discovered close to 15 extremely serious issues on various msn.com subdomains. These issues lead to easy hijacking of Hotmail accounts.
I contacted them, and showed a few of the vulnerabilities...
Zero-day IE exploit
2005-11-23
Bob (1 replies)
The key point here was that they were aware of the exploit since May, and have done nothing to fix it. So they should not express such concern that they were not notified first. PR at its best....
Re: Zero-day IE exploit
2005-11-23
Jason (1 replies)
You all seem to be missing the point here. It was understood in May that there was a flaw in IE. The worst known vulnerability in that flaw was instability of the browser, considered to be a very low priority, and perhaps not even worth patching in older systems.
This new proof of concept is th...
Re: Zero-day IE exploit
2005-11-23
Anonymous (1 replies)
While it may be considered poor practice, a lot of vendors act as if it is a rule that all must go by. That is of course a fallacy. Vendors should be tripping over themselves to thank researchers who bother to do so. Where else would you get top-drawer talent to test your apps, and at no cost I might...
Re: Re: Zero-day IE exploit
2005-12-02
Anonymous
Microsoft has access to the source code of Internet Explorer. They were informed of the vulnerability 6 months ago, and did not acknowledge it. They chose not to believe that it was remotely exploitable. They decided not to even put together a timeframe for releasing a patch.
See http://just...
Yet another reason to switch to FireFox
2005-11-23
Mike (1 replies)
Yet another reason to switch to FireFox, as if there weren't enough reasons already.
"Internet Explorer: Unsafe At Any Speed"
Mike
http://www.quicktrivia.com...
Re: Yet another reason to switch to FireFox
2005-11-25
Anonymous
Hey Mike, don't you realize that FireFox had its own critical issues too. Nothing is perfect and will never be. I'm not protecting MS here. I'm using the Mozilla suite because IE has more exploits in the wild than Mozilla at the moment. But this may change and may have to move to another browser, o...
Zero-day IE exploit - it doesn't work for me
2005-11-25
Morc (1 replies)
I have XP SP2 and instead of opening the Calculator it still crashes. What's up, it's not so critical or not affecting all versions after all?
And a note about MS not fixing the issue when first discovered: if you're a developer and have other more important bugs to fix you leave the ones to the en...
Re: Zero-day IE exploit - it doesn't work for me
2005-12-14
Anonymous
This bug isn't always successful because it relies on some things that you can't control. The memory in which nops & shellcode are allocated through prompt() calls isn't fixed but it's always over 0x00600000. In order to exploit the bug you have to overwrite 0x006F005B with nops, but sometimes prompt...
Not wanting to downplay the seriousness, but I wouldn't call it zero day
2005-11-29
Roger
We seem to be overly broadening the meaning of "zero day exploit" here. To me, a zero day exploit is one in which crackers are found to be actively exploiting the flaw on the same day it comes to public knowledge -- thus, it denotes a security crisis which requires immediate intervention.
What we...
Zero-day?
2005-11-29
Anonous (1 replies)
What on earth is "zero-day" about an exploit for a vulnerability that "was originally announced in May"?
It is too bad that organizations like SecurityFocus (and a number of other "security" vendors) will choose to spew junk marketing that serves the security industry no benefit....
Putting users at risk
2005-12-14
Anonymous
The vulnerability is what puts users at risk. The reporting reduces that risk. The fact that it wasn't 'responsibly disclosed' just means the risk wasn't reduced as much.
I HATE that these huge companies with massive budgets get so much free research and code review. They don't deserve it.
These...