RE: [ISN] Old code in Windows is security threat

From: InfoSec News (isnat_private)
Date: Wed Jun 12 2002 - 01:03:19 PDT

Next message: InfoSec News: "[ISN] Hacker Gurus Recruit Unsuspecting Youth"

Previous message: InfoSec News: "[ISN] GAO faults Army Corps security"
Maybe in reply to: InfoSec News: "[ISN] Old code in Windows is security threat"
Next in thread: InfoSec News: "RE: [ISN] Old code in Windows is security threat"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Forwarded from: Marc Maiffret <marcat_private>

Exactly. I mean people should be happy that Microsoft turns features
off by default. However, that should not be the scapegoat that is
going to be used in the future for security flaws.

"Well it is not that critical because .asp ISAPI is turned off by
default." heh

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

| -----Original Message-----
| From: owner-isnat_private [mailto:owner-isnat_private]On Behalf
| Of InfoSec News
| Sent: Tuesday, June 11, 2002 1:23 AM
| To: isnat_private
| Subject: RE: [ISN] Old code in Windows is security threat
|
|
| Forwarded from: Andrew Weaver <Andrew.Weaverat_private>
|
| Hmmm... So their "quickfix" is to set the insecure off by default. OK, but
| what if I need the feature? Are they going to fix it or not?
|
| > -----Original Message-----
| > From:	InfoSec News [SMTP:isnat_private]
| > Sent:	Monday, June 10, 2002 1:13 PM
| > To:	isnat_private
| > Subject:	[ISN] Old code in Windows is security threat
| >
| > http://news.com.com/2100-1001-934363.html?tag=fd_top
| >
| > By Robert Lemos
| > Staff Writer, CNET News.com
| > June 9, 2002, 11:00 PM PT
| >
| > Microsoft will more quickly retire old code in its Windows operating
| > system and other software as a result of the company's
| > four-month-old "trustworthy computing" initiative, the company's
| > lead bug basher said in an interview.
| >
| > The revelation follows last week's warning that a serious
| > vulnerability in Microsoft's Internet Explorer occurred in the
| > software supporting a decade-old protocol that has rarely been used
| > since the World Wide Web became popular.
| >
| > "A lot of the (coming) design changes are to remove this feature or
| > turn that one off by default," said Steve Lipner, director of
| > security assurance for Microsoft and the man on the ground for the
| > company's trustworthy computing initiative.
|
| [...]



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "[ISN] Hacker Gurus Recruit Unsuspecting Youth"
Previous message: InfoSec News: "[ISN] GAO faults Army Corps security"
Maybe in reply to: InfoSec News: "[ISN] Old code in Windows is security threat"
Next in thread: InfoSec News: "RE: [ISN] Old code in Windows is security threat"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jun 12 2002 - 03:39:04 PDT