[16063] in bugtraq
Posting from Analysys on MS Outlook Buffer Exploit
daemon@ATHENA.MIT.EDU (Elias Levy)
Wed Aug  2 18:08:59 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <20000802150503.B25688@securityfocus.com>
Date:         Wed, 2 Aug 2000 15:05:03 -0700
Reply-To: aleph1@SECURITYFOCUS.COM
From: Elias Levy <aleph1@SECURITYFOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
----- Forwarded message from Jim Warwick <jim.warwick@analysys.com> -----
Message-ID: <011b01bff870$5f658ea0$1001010a@analysys.co.uk>
From: "Jim Warwick" <jim.warwick@analysys.com>
To: <aleph1@securityfocus.com>
Subject: Posting from Analysys on MS Outlook Buffer Exploit
Date: Fri, 28 Jul 2000 09:46:50 +0100
Organization: Analysys Ltd
X-Mailer: Microsoft Outlook Express 5.00.2919.6600
Elias,
could you post the following as our official company response to Chris Paget's contribution on the MS Outlook Email buffer overflow exploits.
Thanks
Jim Warwick
=====================================
I would like to make a response to this thread as Chris Paget's employer.
We were surprised to see that Chris had posted a message suggesting the implementation of an "Antibody" program (designed to propagate patches and security fixes via MS Outlook) which has all the characteristics of a virus.
This is a matter we take seriously, for several reasons.  Chris's original posting with the "Antibody" idea was not thought through - he had not taken account of the potential harm that such a program could and would cause the community.  Also, the views he expressed were entirely his own, and the association of his personal views with our company is highly misleading - Analysys is undertaking no work in this field.
We have talked with Chris about this, and he appreciates the mistakes of posting the original message.  We are certain that this incident results from Chris's over-enthusiasm for the idea he had for the "Antibody" program, rather than any malicious intent on his part.
We have also made it clear that Chris should not develop any version of an "Antibody" or derivative program (whether friendly or not).
I hope this will reassure the respondents to Chris's original posting.
Regards
Jim Warwick
Technical Director, Analysys Ltd
----- End forwarded message -----
--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum