Forwarded from: Marc Maiffret <marcat_private> Exactly. I mean people should be happy that Microsoft turns features off by default. However, that should not be the scapegoat that is going to be used in the future for security flaws. "Well it is not that critical because .asp ISAPI is turned off by default." heh Signed, Marc Maiffret Chief Hacking Officer eEye Digital Security T.949.349.9062 F.949.349.9538 http://eEye.com/Retina - Network Security Scanner http://eEye.com/Iris - Network Traffic Analyzer http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities | -----Original Message----- | From: owner-isnat_private [mailto:owner-isnat_private]On Behalf | Of InfoSec News | Sent: Tuesday, June 11, 2002 1:23 AM | To: isnat_private | Subject: RE: [ISN] Old code in Windows is security threat | | | Forwarded from: Andrew Weaver <Andrew.Weaverat_private> | | Hmmm... So their "quickfix" is to set the insecure off by default. OK, but | what if I need the feature? Are they going to fix it or not? | | > -----Original Message----- | > From: InfoSec News [SMTP:isnat_private] | > Sent: Monday, June 10, 2002 1:13 PM | > To: isnat_private | > Subject: [ISN] Old code in Windows is security threat | > | > http://news.com.com/2100-1001-934363.html?tag=fd_top | > | > By Robert Lemos | > Staff Writer, CNET News.com | > June 9, 2002, 11:00 PM PT | > | > Microsoft will more quickly retire old code in its Windows operating | > system and other software as a result of the company's | > four-month-old "trustworthy computing" initiative, the company's | > lead bug basher said in an interview. | > | > The revelation follows last week's warning that a serious | > vulnerability in Microsoft's Internet Explorer occurred in the | > software supporting a decade-old protocol that has rarely been used | > since the World Wide Web became popular. | > | > "A lot of the (coming) design changes are to remove this feature or | > turn that one off by default," said Steve Lipner, director of | > security assurance for Microsoft and the man on the ground for the | > company's trustworthy computing initiative. | | [...] - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Jun 12 2002 - 03:39:04 PDT