
List:       dailydave
Subject:    RE: [Dailydave] Fonts of fun, buckets of bugs
From:       "Brett Moore" <brett.moore () security-assessment ! com>
Date:       2006-01-11 23:02:38
Message-ID: 002601c61703$1f179de0$0a01a8c0 () antic0de


Hey Guys.

Yeah it's a strange feeling when a vuln is released that you have been
working on.
Twice I've had the experience of discovering that someone else has found the
same bug as myself. Once was reported to MS 2-3 days before I reported it.
(at first I thought spies in the midst, but that soon gave way to my normal
paranoia)

But instances like this definitely back up the statements around how vulns
are not known until patches are released, and the real world scenario of
0day bugs.

I think that this is going to happen more often as time goes by, for various
reasons such as the fact that there is more information around vuln syntax,
and more people are capable of identifying (and actively looking for)
vulnerabilities.

Brett

-----Original Message-----
From: Marc Maiffret [mailto:mmaiffret@eeye.com] 
Sent: Thursday, 12 January 2006 7:52 a.m.
To: Piotr Bania; dailydave@lists.immunitysec.com
Subject: RE: [Dailydave] Fonts of fun

Hey Piotr, as recently emailed sorry about that. Dumb mistake that
should have been caught, one of the releases that did not go under my
personal radar. Either way good find on the bug, as also previously
mentioned. Hopefully it further illustrates that bugs can be found by
multiple people, whether a week apart or over 150 days apart. Zeroday is
alive and kickin

-Marc

> -----Original Message-----
> From: Piotr Bania [mailto:bania.piotr@gmail.com] 
> Sent: Wednesday, January 11, 2006 7:36 AM
> To: dailydave@lists.immunitysec.com; dave@immunitysec.com
> Subject: Re: [Dailydave] Fonts of fun
> 
> 
> Hi,
> 
>  >...
>  >eEye's newsletter today said this about it:
>  >"Details of this flaw were first released today in conjunction with
>  >the Microsoft patch and within minutes, other researchers had reverse
>  >engineered the Microsoft patch and shared the details online, which
>  >means that this flaw may very well be used in an attack.  The attack
>  >vector of this flaw is similar to the WMF flaw, in that a user must
>  >visit a malicious website containing the malicious font file."
>  >...
>  >It's clear that Piotr did not "reverse engineer the
>  >patch". He'd obviously had the bug for some time
>  >...
> 
> Nothing more to say.
> 
> best regards,
> Piotr Bania
> 
> --
> --------------------------------------------------------------------
> Piotr Bania - <bania.piotr@gmail.com> - 0xCD, 0x19
> Fingerprint: 413E 51C7 912E 3D4E A62A  BFA4 1FF6 689F BE43 AC33
> http://www.piotrbania.com  - Key ID: 0xBE43AC33
> --------------------------------------------------------------------
> 
>                - "The more I learn about men, the more I love dogs."
> 
> 
