
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2004-12-02 InfoSec Handlers Diary Blog



Sun bulletins, MS04-040 discussion, anti-spam vigilante-ism dumb, did you know?

Published: 2004-12-02
Last Updated: 2004-12-03 10:12:45 UTC
by Adrien de Beaupre (Version: 1)
Sun bulletins.

Three Sun bulletins are out. One is related to a known issue with Java.
The second is related to a local vulnerability in ping. The third is for
Netscape 7.X on Solaris.

http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-57675-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-57683-1

MS04-040.

MS04-040 seems to have generated some discussion.
Some readers have reported that the update did not install correctly,
or did not mitigate the IFRAME vulnerability. Other conversations
have involved the timing of the update release. Feel free to chime
in and tell us your thoughts and experiences with this patch.
I installed it via Windows Update and then checked the DLL versions
after a reboot. Lo and behold, they were not the correct versions.
There are reports the PoC code may in fact still work. I manually
downloaded and installed the patch and it seems to have worked.
I was not able to do extensive testing.

Anti-spam DDoS = dumb!

This one is my own personal view. I find the anti-spam downloadable
DDoS tool to be without a doubt irresponsible and possibly illegal; it sets
a really bad precedent, gives the wrong impression to users, and is possibly
the dumbest thing I have heard of this week. Vigilante-ism is not a good
idea. The reasons are just too numerous to list. At least the web site
is no longer available.

Did you know?

ISC handlers are not paid for their work. In fact we are volunteers. These
opinions are my own.

Cheers,
Adrien