[41982] in bugtraq
Interview: Ilfak Guilfanov
daemon@ATHENA.MIT.EDU (Matthew Murphy)
Thu Jan 5 22:21:37 2006
Message-ID: <43BC3C41.2090008@kc.rr.com>
Date: Wed, 04 Jan 2006 15:21:05 -0600
From: Matthew Murphy <mattmurphy@kc.rr.com>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms060405050304020402060201"
This is a cryptographically signed message in MIME format.
--------------ms060405050304020402060201
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
With all the misinformation and theorizing going around, I figured the
community might be interested in some... you know, accurate information.
It's really refreshing, sometimes.

So, SecuriTeam blogs has posted an interview with Ilfak Guilfanov
(author of the interim fix for the WMF vulnerability) about all things
WMF. We covered, in detail, three main topics:

* The nature of the vulnerability
* The details of Ilfak's interim fix
* The other workarounds that are available

The URL for that blog post is:

http://blogs.securiteam.com/index.php/archives/176

A big thanks is in order to Ilfak for taking the time to do the interview.
- --
"Social Darwinism: Try to make something idiot-proof,
nature will provide you with a better idiot."
-- Michael Holstein
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
iD8DBQFDvDxAfp4vUrVETTgRA+5PAJ9DklSdoyGJ8Xcz+vhktVVJV3AEsgCdEXSS
nf81c+gE53i440AxIOdRGSg=
=z2gq
-----END PGP SIGNATURE-----
--------------ms060405050304020402060201
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
--------------ms060405050304020402060201--