Re: [Dailydave] Ah, oo, uh, ie.

frankiocaine.com
Date: Fri Mar 31 2006 - 22:44:43 CST


FWIW
[www.scmagazine.com/uk/news/article/550420/nash-go-sabbatical-Redmond/]

"The software giant announced last week that Mike Nash, head of Microsoft's Security
Technology Unit (STU), will step down from his position to go on sabbatical. He will
be replaced by Ben Fathi, who now works as general manager for storage and high
availability in the Windows group."

Anyone wanna guess what "sabbatical" is a euphemism for in Redmond?

As to the sultry, UK-accented, BBC-ish news reader, I give you:

http://www.careerbuilder.com/monk-e-mail/?mid=6303583

-F

> Date: Thu, 30 Mar 2006 17:40:57 -0500
> From: Dave Aitel <daveimmunityinc.com>
> Subject: [Dailydave] Ah, oo, uh, ie.
> To: dailydavelists.immunitysec.com
> Message-ID: <442C5E79.7080205immunityinc.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Having some fun reading the MSRC weblog. Who doesn't? I want to have
> an automated thing scrape it out of the web page and read it out to me
> with a sultry female British accent. That's not weird, right? I could
> hook it up to every security weblog out there and have a really
> amusing radio station.
>
> Anyways, today you can read some funny things there, if you are in the
> right mindset. Or have them read to you. Whatever.
>
> Mike Nash: Hey, we've, uh, decided to throw a major change to how IE
> works with regards to ActiveX in with a security patch this month. We
> have an EXTRA OPTIONAL patch you can use to disable the change in
> behavior.
>
> I wonder if Mike's been talking to one of the DCOM designers. This
> sounds like something they'd think up.
>
> DCOM Designer: "Yo, so the server can call RpcImpersonateClient(), but
> not if the client has called SetCloaking("Definitely Not"). But if the
> registry has the "Cloaking: Not such a good thing" dword set to 1 then
> it still can. Clear?"
> ProgrammersProgrammersProgrammers: "Sure!"
>
> Haha. That API cracks me up every time.
>
> Anyways, I thought I'd point out a few of the funnier in-jokes.
> Mike Nash: """
> We've also been made aware of some third party solutions being made
> available for this vulnerability. Some of these solutions make
> modifications to Windows itself to bypass the attack vector of the
> vulnerability. Of course, while the IE team is working on an update
> to address the problem, we certainly recommend a defense in depth
> strategy that involves third party tools such as AntiVirus or IDS/IPS
> solutions. However we cannot recommend third party solutions that
> modify the way the product itself operates.
> """
>
> What does an AntiVirus or IDS/IPS do again? Oh right, MODIFY THE WAY
> THE PRODUCT OPERATES. And not entirely effectively. In our Unethical
> Hacking class this week we'll be bypassing AntiVirus with the new IE
> 0day (for fun and profit). I don't think we'll bother with NIDS,
> because I don't think NIDS can handle gzip+chunk encoded web pages
> anyways.
>
> The main funny thing MSRC said to me this week was that they've been
> tracking down web sites that have the exploit on them, and shutting
> them down with law enforcement. Who cares, when you can get hit by a
> targeted attack? Not every attack is just blindly smacking down random
> grandmothers, although if you read MSRC, the sultry female British
> accent would quickly convince you that was the case.
>
> - -dave
>