Bugtraq Archives: Fwd: Information on MS99-022

Fwd: Information on MS99-022


Vanja Hrustic (vanjaSIAMRELAY.COM)
Sun, 4 Jul 1999 03:49:54 +0700


I haven't seen this on Bugtraq, but it's very interesting...

--
>Wanted to advise that we are making information available regarding the
>technical details involved in the "Double Byte Code Page" vulnerability
>(http://www.microsoft.com/security/bulletins/ms99-022.asp).  We've provided
>a full description to the ICSA, for dissemination within their Intrusion
>Detection Consortium.  This will allow security vendors to have access to
>the information that they need to develop scanning tools that will check for
>this attack.  However, we are not planning to do a general release of the
>information.  If you are running IIS 3.0 or 4.0 on a server whose default
>language is set to Chinese, Japanese, or Korean, you should apply the patch.
>
>Cheers,
>
>Securemicrosoft.com
--

So, if I have my custom-developed IDS running, I won't be able to implement a pattern for this, because I am not a member of the 'Intrusion Detection Consortium'?

Note the words...

"This will allow security vendors to have access to the information..." - why only security vendors? How are they better than Bugtraq folks?

"Security through obscurity" comes to mind...

Vanja



This archive was generated by hypermail 2.0b3 on Sat Jul 03 1999 - 00:00:57 CDT