BugTraq
Microsoft's Binary Planting Clean-Up Mission Sep 15 2011 10:05AM
ACROS Security Lists (lists acros si) (1 replies)
RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission Sep 15 2011 04:11PM
Thor (Hammer of God) (thor hammerofgod com) (1 replies)
RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission Sep 15 2011 07:54PM
ACROS Security Lists (lists acros si)
Hi Thor,

Thank you very much for sharing your point of view. If Microsoft thought the same
though, they probably wouldn't be fixing these bugs. I suppose they don't "understand
what security really is" the same way we don't. ;-)

Regards,
Mitja

> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor (at) hammerofgod (dot) com]
> Sent: Thursday, September 15, 2011 6:11 PM
> To: security (at) acrossecurity (dot) com; bugtraq (at) securityfocus (dot) com;
> full-disclosure (at) lists.grok.org (dot) uk; cert (at) cert (dot) org; si-cert (at) arnes (dot) si
> Subject: RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission
>
> From your blog:
>
> "While we know there's still a lot of cleaning up to do in
> their binary planting closet, our research-oriented minds
> remain challenged to find new ways of exploiting these
> critical bugs and bypassing new and old countermeasures. In
> the end, it was our research that got the ball rolling and it
> would be a missed opportunity for everyone's security if we
> didn't leverage the current momentum and keep researching."
>
> I would change that around a bit. I would say "our
> self-serving and marketing-oriented minds remain challenged
> to understand what security really is, but regardless,
> continue to find ways of trying to convince people this
> represents an actual security threat. In the end, it was our
> research that falsely created security concerns and confusion
> where time was better spent really doing just about anything
> else, but it would have been a missed opportunity to get our
> names in the media to sell our security services."
>
> t
>
> >-----Original Message-----
> >From: full-disclosure-bounces (at) lists.grok.org (dot) uk
> >[mailto:full-disclosure-bounces (at) lists.grok.org (dot) uk] On Behalf Of ACROS
> >Security Lists
> >Sent: Thursday, September 15, 2011 3:05 AM
> >To: bugtraq (at) securityfocus (dot) com; full-disclosure (at) lists.grok.org (dot) uk;
> >cert (at) cert (dot) org; si-cert (at) arnes (dot) si
> >Subject: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission
> >
> >
> >Our new blog post describes some recent changes Microsoft introduced to
> >fight against binary planting exploits. The most recent change was the
> >removal of a vulnerable COM server on Windows XP which we used in our
> >proof of concept at Hack In The Box Amsterdam in May.
> >
> >Read the post to find out what else is hiding in the "COM server binary
> >planting" closet and what to do to get our PoC back to life.
> >
> >http://blog.acrossecurity.com/2011/09/microsofts-binary-planting-clean-up.html
> >
> >or
> >
> >http://bit.ly/qWyKph
> >
> >Enjoy the reading!
> >
> >
> >Mitja Kolsek
> >CEO&CTO
> >
> >ACROS, d.o.o.
> >Makedonska ulica 113
> >SI - 2000 Maribor, Slovenia
> >tel: +386 2 3000 280
> >fax: +386 2 3000 282
> >web: http://www.acrossecurity.com
> >blg: http://blog.acrossecurity.com
> >
> >ACROS Security: Finding Your Digital Vulnerabilities Before Others Do
> >
> >
> >_______________________________________________
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >Hosted and sponsored by Secunia - http://secunia.com/
>

Copyright 2010, SecurityFocus