[87691] in North American Network Operators' Group

RE: WMF patch

daemon@ATHENA.MIT.EDU (Fred Heutte)
Wed Jan 4 16:37:35 2006

From: Fred Heutte <aoxomoxoa@sunlightdata.com>
To: <nanog@nanog.org>
Date: Wed, 4 Jan 2006 13:36:53 -0800
Errors-To: owner-nanog@merit.edu


More info.  This seems pretty reasonable:

http://castlecops.com/a6445-WMF_Exploit_FAQ.html

Steve Gibson is also mirroring Guilfanov's bypass, and says 
Microsoft's cryptographically signed but unreleased patch 
is floating around the net now:

http://www.grc.com/sn/notes-020.htm

In my reading this is a serious vulnerability, but the self-
inflating agitation in the "security community" has reached 
a highly annoying level.  I'm in the FTDT (fix the damn thing)
school; let's deal with it and get on with it.  Every cycle spent
moaning about the faults of Microsoft is a lost opportunity 
for something more productive.

Back to /usr/lurk . . .

regards,

Fred

-----------------
>
>On Wed, 4 Jan 2006, Brance Amussen wrote:
>
>> 
>> Howdy, 
>> Here is the link to the unofficial patches creators site.
>> http://www.hexblog.com/ This is the one sans links to. 
>> Sans seems to be having a hard day.. No Dshield mailings today either..
>> Isc.sans.org is sporadic as well.. 
>
>According to isc.sans.org, hexblog.com was down due to bandwidth issues 
>earlier. See the isc.sans.org homepage for details on alternate ways to 
>get to it.
>

