[10931] in bugtraq


Fwd: Information on MS99-022

daemon@ATHENA.MIT.EDU (Vanja Hrustic)
Sat Jul 3 17:38:45 1999

Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id: <4.1.19990704030537.039a6f10@emx>
Date: 	Sun, 4 Jul 1999 03:49:54 +0700
Reply-To: Vanja Hrustic <vanja@SIAMRELAY.COM>
From: Vanja Hrustic <vanja@SIAMRELAY.COM>
To: BUGTRAQ@NETSPACE.ORG

I haven't seen this on Bugtraq, but it's very interesting...

--
>Wanted to advise that we are making information available regarding the
>technical details involved in the "Double Byte Code Page" vulnerability
>(http://www.microsoft.com/security/bulletins/ms99-022.asp).  We've provided
>a full description to the ICSA, for dissemination within their Intrusion
>Detection Consortium.  This will allow security vendors to have access to
>the information that they need to develop scanning tools that will check for
>this attack.  However, we are not planning to do a general release of the
>information.  If you are running IIS 3.0 or 4.0 on a server whose default
>language is set to Chinese, Japanese, or Korean, you should apply the patch.
>
>Cheers,
>
>Secure@microsoft.com
--

So, if I have my custom-developed IDS running, I won't be able to implement
a pattern for this, because I am not a member of the 'Intrusion Detection
Consortium'?

Note the words...

"This will allow security vendors to have access to the information..." -
why only security vendors? How are they better than Bugtraq folks?

"Security through obscurity" comes to mind...

Vanja
