New Windows Vuln. worse than WMF?

[westin]

My apologies. I only half-way checked for duplicate posts... I am pretty new to AO

[westin]

My apologies. I only half-way checked for duplicate posts... I am pretty new to AO

[HTRegz]

Hey Hey,

Relyt: [off topic] I've never mentioned this but that was almost my original internet nick... a friend suggested it.. [/off topic] Now... I wouldn't say that you've already posted about this... I think their substantially different... You posted about the updates being available... this is more of a discussion on the impact of one of the flaws... I'd saw it warrants it's own discussion but then again that's just my opinion...

As for the subject at hand... I don't think I agree with Litchfield.... It's definatey bad... but I don't see it as being worse than the WMF flaw.... This become public when the patch was released.... It wasn't previously published and there's no 0-day available for it... with the WMF there was.... Large corporation which wouldn't or couldn't trust the 3rd party patch were left vulnerable in many cases... in this case they simply have to apply the update... Will some people likely be "owned" by this.... no doubt... but most people will be fully patched (at the exchange level)... before a public exploit (or even a private one) starts circulating and causing damage.. So we're left with home users.. Outlook Vuln vs Outlook/IE vuln... both have patches available now... and the WMF is vulnerable to a broader form of attacks.. if you didn't update your computer... then you are vulnerable to both.. and with the broader scope.. it's more likely that WMF would affect the person...

Then again... Security companies are becoming more and more popular these days... they seem to spring up over night in some cases... and I think that has the existing companies scrambling... before they had labs were they could analyze stuff that the average geek never could... with the latest technology that has changed... I could have a large test environment in my house for reasonably cheap.. anyone can search for and locate vulns... and it just keeps getting easier with some of the tools out there... This means they need a way to convince people that they're still needed.. that there's a reason to pay for software when free alternatives are available... to make people think they are better... NGS discovered TNEF... that's why they're saying it's worse... so that they'll look like the bigger hero.. so they must be smarter... A lot of this is just PR... The patch is out.. therefore it's not the end of the world... They're just trying to drum up business now..

Peace,
HT

[HTRegz]

Hey Hey,

Relyt: [off topic] I've never mentioned this but that was almost my original internet nick... a friend suggested it.. [/off topic] Now... I wouldn't say that you've already posted about this... I think their substantially different... You posted about the updates being available... this is more of a discussion on the impact of one of the flaws... I'd saw it warrants it's own discussion but then again that's just my opinion...

As for the subject at hand... I don't think I agree with Litchfield.... It's definatey bad... but I don't see it as being worse than the WMF flaw.... This become public when the patch was released.... It wasn't previously published and there's no 0-day available for it... with the WMF there was.... Large corporation which wouldn't or couldn't trust the 3rd party patch were left vulnerable in many cases... in this case they simply have to apply the update... Will some people likely be "owned" by this.... no doubt... but most people will be fully patched (at the exchange level)... before a public exploit (or even a private one) starts circulating and causing damage.. So we're left with home users.. Outlook Vuln vs Outlook/IE vuln... both have patches available now... and the WMF is vulnerable to a broader form of attacks.. if you didn't update your computer... then you are vulnerable to both.. and with the broader scope.. it's more likely that WMF would affect the person...

Then again... Security companies are becoming more and more popular these days... they seem to spring up over night in some cases... and I think that has the existing companies scrambling... before they had labs were they could analyze stuff that the average geek never could... with the latest technology that has changed... I could have a large test environment in my house for reasonably cheap.. anyone can search for and locate vulns... and it just keeps getting easier with some of the tools out there... This means they need a way to convince people that they're still needed.. that there's a reason to pay for software when free alternatives are available... to make people think they are better... NGS discovered TNEF... that's why they're saying it's worse... so that they'll look like the bigger hero.. so they must be smarter... A lot of this is just PR... The patch is out.. therefore it's not the end of the world... They're just trying to drum up business now..

Peace,
HT

[Tiger Shark]

there's no 0-day available for it

ERROR: There has been an error in the trust module. Windows XP has prepared an error report. Would you like to send this report to Microsoft.

[Tiger Shark]

there's no 0-day available for it

ERROR: There has been an error in the trust module. Windows XP has prepared an error report. Would you like to send this report to Microsoft.

[mandraketux]

Originally posted here by Relyt
When only Commodore 64's existed?

heh i have one of those

[mandraketux]

Originally posted here by Relyt
When only Commodore 64's existed?

heh i have one of those

[Tiger Shark]

...and before Commodore's there were ZX-80/1's... I remember those fondly....

[Tiger Shark]

...and before Commodore's there were ZX-80/1's... I remember those fondly....