OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: FW: RFP2K03: Contemplations on dvwssr.dll and how it affects life
From: eEye Digital Security (eeyeEEYE.COM)
Date: Fri Apr 21 2000 - 12:30:49 CDT

| -----Original Message-----
| From: Paul L Schmehl [mailto:paulsUTDALLAS.EDU]
| Sent: Friday, April 21, 2000 9:39 AM
| To: win2ksecadviceLISTSERV.NTSECURITY.NET
| Subject: Re: FW: RFP2K03: Contemplations on dvwssr.dll and how it
| affects life
|
<snip>
| At that point, all Russ is doing is providing expert opinion regarding the
| risks associated with an already confirmed vulnerability. Russ could
| perhaps be chastised for not confirming the story with Lipner himself, but
| had he contacted Lipner for verification, why would Lipner have told him
| anything different? He obviously had enough confidence in his "facts" to
| release them to the press.

Someone else's facts should mean nothing to you in the world of security. If
someone contacts you about a supposed hole and your someone who claims to be
a NT security expert, you should verify the hole for yourself. It would have
only taken Russ, well hopefully, a short amount of time to research the
vulnerability. Besides anyone with half a brain would never agree with
something just because some guy at Microsoft said so.

<snip>
| Paul L. Schmehl, paulsutdallas.edu
| Technical Support Services Manager
| The University of Texas at Dallas
|

Signed,
Marc
eEye Digital Security
http://www.eEye.com

_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net