Three Sun bulletins are out. One is related to a known issue with Java.
The second is related to a local vulnerability in ping. The third is for
Netscape 7.X on Solaris.
MS04-040 seems to have generated some discussion.
Some readers have reported that the update did not install correctly,
or did not mitigate the IFRAME vulnerability. Other conversations
have involved the timing of the update release. Feel free to chime
in and tell us your thoughts and experiences with this patch.
I installed it via WindowsUpdate and then checked the DLL versions
after a reboot. Lo and behold they were not the correct versions.
There are reports the PoC code may in fact still work. I manually
downloaded and installed the patch and it seems to have worked.
I was not able to do extensive testing.
Anti-spam DDoS = dumb!
This one is my own personal view. I find the anti-spam downloadable
DDoS tool to be without a doubt irresponsible and possibly illegal; it sets
a really bad precedent, gives the wrong impression to users, and is possibly
the dumbest thing I have heard of this week. Vigilantism is not a good
idea. The reasons are just too numerous to list. At least the web site
is no longer available.
Did you know?
ISC handlers are not paid for their work. In fact we are volunteers. These
opinions are my own.
Adrien de Beaupre
Dec 3rd 2004