Attacks prompt third parties to fix flaw

Discussion in 'Security Software' started by imhotep, Oct 3, 2006.

  1. imhotep

    imhotep Guest

    Attacks prompt third parties to fix flaw

    Attacks targeting the latest flaw in Microsoft's operating system have
    convinced two groups to release temporary fixes to protect users while the
    software giant develops its own patch.

    The attacks attempt to exploit the Windows Shell vulnerability acknowledged
    by Microsoft last week, according to the SANS' Internet Storm Center, which
    raised its alert level to Yellow after the organization's handlers received
    reports of a significant number of attacks.

    Two groups have published software tools to protect against attacks that
    attempt to exploit the Windows Shell vulnerability. Security professionals
    who previously formed the Zeroday Emergency Response Team (ZERT) published
    on Saturday an update for a custom security tool aimed at protecting users
    temporarily from the attacks. Security firm Determina has also developed a
    software patch that will protect users against the attacks.


    http://www.securityfocus.com/brief/318

    Imhotep
     
    imhotep, Oct 3, 2006
    #1
    1. Advertisements

  2. imhotep

    Leythos Guest

    I fixed your posting headers so that people that were following the
    thread could properly reply after your broken follow-up method.
     
    Leythos, Oct 3, 2006
    #2
    1. Advertisements

  3. imhotep

    Dan W. Guest

    Fantastic, thank you Leythos. I was always wondering why I could never
    reply to Imhotep.
     
    Dan W., Oct 3, 2006
    #3
  4. imhotep

    Dan W. Guest

    <snip>

    test reply to Imhotep

    Dan W.

    Computer User
     
    Dan W., Oct 3, 2006
    #4
  5. Of course, whether or not your post makes it to Imhotep, the end result is
    the same.
     
    karl levinson, mvp, Oct 3, 2006
    #5
  6. Hi Imhotep,

    This is very helpful, and led me to this Microsoft URL

    http://www.microsoft.com/technet/security/advisory/926043.mspx

    Can you believe this article reads almost the same as the first ever
    exploit of ActiveX within the Outlook Express reading pane back in year
    2000. Microsoft have learned NOTHING in five years.

    Who wants to bet whether we'll see this same kind of nonsense under Vista?
     
    Gerry Hickman, Oct 3, 2006
    #6
  7. imhotep

    imhotep Guest



    Not my fault your newsgroup reader does not work correctly...but thanks
    anyway...
     
    imhotep, Oct 4, 2006
    #7
  8. imhotep

    Leythos Guest

    Why do you reply in all the groups, but want people to only reply in one
    of the groups?
     
    Leythos, Oct 4, 2006
    #8
  9. imhotep

    imhotep Guest

    Well I already told you but fair is fair. You asked an honest question and I
    will answer it *one* more time. Although, It would be more approiate to
    take this offline...


    I usually only post alert type messages that are security related unless I
    come across something that I can help with (replying to someone's
    question). When I post one of these alert type messages it usually is to
    many news groups related to the topic (like this one "Attacks prompt third
    parties to fix flaw"). However, I have over 20+ newsgroups that I *try* to
    check every couple of days or so. Many times someone will reply incorrectly
    (reply to one of the newsgroups I do not frequently check) and as such I
    might not see their reply for days or more. Now, I assume that if someone
    is replying to me they actually want me to read their post. Since I do not
    have the time anymore to go to all of the newsgroups daily like I used to,
    I set the "Followup-To" to a newsgroup that I do check regularly. That way
    I will see their reply in a timely fashion *without* having to look at
    every newsgroup every night. It is just too much.

    Now, as I said before you are in full control on how you reply. If you reply
    to me make sure that at least one message goes to the group listed in
    the "followup-to" and I will see it. If you wish to start a sub thread and
    do not need this functionality you are free to put anything you wish in
    these fields; put whatever you want. Just because I use this does not mean
    *you* need to....

    Now, I am sorry your news reader, MicroPlanet-Gravity, coughs on this,
    really I am. However, what I am doing is fully within the RFCs for NNTP and
    is *not* malicious. I have heard outlook express also has a problem with
    this in the past. I do not know the status of OE as I have not used it in 8
    or so years.

    Now, I am considering this discussion closed. If you have anything to add
    about *this* thread "Attacks prompt third parties to fix flaw" please
    do...as I have many questions my self.


    Imhotep
     
    imhotep, Oct 4, 2006
    #9
  10. I notice the reply you recently received only answered the last half of your
    question, but was totally silent on the "Why do you reply in all the groups"
    part, which is clearly what makes the threads disjointed.

    Roger
     
    Roger Abell [MVP], Oct 4, 2006
    #10
  11. imhotep

    Dan W. Guest

    Very true and thanks for your input, Karl.
     
    Dan W., Oct 4, 2006
    #11
  12. imhotep

    Dan W. Guest

    Test -- to Imhotep if it works
     
    Dan W., Oct 4, 2006
    #12
  13. imhotep

    Leythos Guest

    Obviously you are doing it to be malicious, as anyone making a reply,
    with any usenet client, will follow the posting groups and reply in
    those groups. Your argument does not work, unless the posters Usenet
    client is misconfigured (like yours), everyone will see their reply.

    You are not helping, you are making it harder.

    If you want personal touches you need to stick with email, proper usenet
    methods for posting group messages to multiple areas also mean that you
    leave the follow-up alone. There is no valid reason to screw-up the
    message paths.

    Since most of the people you are posting to are noobs, with OE, you are
    purposely screwing with them, as they may never read your reply.
     
    Leythos, Oct 4, 2006
    #13
  14. If someone "incorrectly" replies to what you considered the wrong group
    then they modified the post-to list, and your use of follow-ups would in
    that case be irrelevant.

    If you did not use followups the vast majority of replies would go to were
    everyone following the thread would see them, i.e. the xpost list of groups.

    In that case it would also appear in your preferred newsgroup.

    That you feel you need to use followups so that you can have the reply
    "to you" called to your attention in the group that you would monitor is
    just plain ego-centric and not understanding at all of the needs of others.

    If your intention is for a discussion about the issue to reach those in the
    list of selected newsgroups, then let all posts go to those groups and do
    not use followups forcing those that do notice to alter what their well-
    behaved and RFC compliant newreader client preloads for the post-to
    (your spec'd followup) newsgroup.

    Roger
     
    Roger Abell [MVP], Oct 4, 2006
    #14
  15. imhotep

    Dan W. Guest

    I am hardly ever able to reply to Imhotep either and I use Mozilla
    Thunderbird which is an open source solution. What the heck is wrong
    with your newsreader, Imhotep or are you super paranoid about having
    your posts replied to. I thought it was Microsoft's fault at first but
    now I see the light that it is most likely the way you have your
    newsreader configured. Either join the game with your feedback and get
    with the program or please start posting elsewhere. I am only partially
    saying this to be an a____e and hope that you do change and that we can
    get along. I do appreciate the notices but you should be positive to
    all technology solutions and not demonize one solution over another. I
    would say no product offers the complete answer and only a plethora of
    products allows a somewhat positive experience. Have a nice day!
     
    Dan W., Oct 5, 2006
    #15
  16. imhotep

    Dan W. Guest

    This was directed at imhotep and not Leythos.
     
    Dan W., Oct 7, 2006
    #16
  17. imhotep

    imhotep Guest


    You are a waste of time...and borderline a troll...

    Imhotep
     
    imhotep, Oct 9, 2006
    #17
  18. imhotep

    imhotep Guest


    I do not demonize any solution. As I stated to lyther or whatever his name
    is: I do this because I do not have time to read ever newsgroup I post to.
    I usually post alert type posts...

    Now, I use the followup-to to point to a newsgroup I do try to check daily.
    This is out of respect for someone who replies to me. If you are repling
    but do not care if it is to me, set your headers any way you wish...

    Now, what specifically are you having a problem with? What does your
    newsreader do when it sees a "Followup-to". Please describe the problem so,
    at least, I can understand it.

    Honestly, my newsreader works well with or without the "followup-to"...which
    is why I do not understand your problem....


    Im
     
    imhotep, Oct 9, 2006
    #18
  19. imhotep

    Leythos Guest

    And as was stated to you: Some servers don't carry the group you set the
    follow-up too, some people don't read that group, but, if you don't mess
    with the follow-up, then everyone doing a reply, with a proper usenet
    client, will be visible to everyone else in the thread.

    Your method breaks the cross-posting model, breaks the reply method,
    breaks the ability to reply for people that use Usenet servers that
    don't have the security group.
     
    Leythos, Oct 9, 2006
    #19
  20. imhotep

    imhotep Guest

    Again, you miss the point, again I try to make you
    understand...merry-go-round anyone...

    ...and as stated by me, which you neglected to include (on purpose?) I set
    the header SO PEOPLE CAN REPLY TO ME. Again, if YOU do not need it don;t
    set it. In either case stop acting like a freak.

    Hum...works quite well for me. It seems that *your* news reader has problems
    or the user or both...Now, some truth feels go doesn't it?

    Imhotep
     
    imhotep, Oct 10, 2006
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.