RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Missi
From your blog:
"While we know there's still a lot of cleaning up to do in their binary pla=
nting closet, our research-oriented minds remain challenged to find new way=
s of exploiting these critical bugs and bypassing new and old countermeasur=
es. In the end, it was our research that got the ball rolling and it would =
be a missed opportunity for everyone's security if we didn't leverage the c=
urrent momentum and keep researching. "
I would change that around a bit. I would say "our self-serving and market=
ing-oriented minds remain challenged to understand what security really is,=
but regardless, continue to find ways of trying to convince people this re=
presents an actual security threat. In the end, it was our research that fa=
lsely created security concerns and confusion where time was better spent r=
eally doing just about anything else, but it would have been a missed oppor=
tunity to get our names in the media to sell our security services."=20
t
>-----Original Message-----
>From: full-disclosure-bounces@lists.grok.org.uk [mailto:full-disclosure-
>bounces@lists.grok.org.uk] On Behalf Of ACROS Security Lists
>Sent: Thursday, September 15, 2011 3:05 AM
>To: bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk;
>cert@cert.org; si-cert@arnes.si
>Subject: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission
>
>
>Our new blog post describes some recent changes Microsoft introduced to
>fight against binary planting exploits. The most recent change was the rem=
oval
>of a vulnerable COM server on Windows XP which we used in our proof of
>concept at Hack In The Box Amsterdam in May.
>
>Read the post to find out what else is hiding in the "COM server binary
>planting"
>closet and what to do to get our PoC back to life.
>
>http://blog.acrossecurity.com/2011/09/microsofts-binary-planting-clean-
>up.html
>
>or
>
>http://bit.ly/qWyKph
>
>Enjoy the reading!
>
>
>Mitja Kolsek
>CEO&CTO
>
>ACROS, d.o.o.
>Makedonska ulica 113
>SI - 2000 Maribor, Slovenia
>tel: +386 2 3000 280
>fax: +386 2 3000 282
>web: http://www.acrossecurity.com
>blg: http://blog.acrossecurity.com
>
>ACROS Security: Finding Your Digital Vulnerabilities Before Others Do
>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
討論串 (同標題文章)
完整討論串 (本文為第 5 之 6 篇):