Re: [Full-Disclosure] Service Pack 2, don't discuss it here.

From: A.V. (pahalial.lists_at_gmail.com)
Date: 08/12/04

  • Next message: bipin gautam: "RE: [Full-Disclosure] driver for display goes to a infinite loop by viewing a html!"
    To: Tom Russell <kalleth@nildram.co.uk>
    Date: Thu, 12 Aug 2004 14:43:48 +0200
    
    

    I beg to differ and would have to side with Niek. This may belong on
    Focus on MS or such a list, but this list deals with vulnerability
    information and discussion.

    Let's check the charter:
    "Any information pertaining to vulnerabilities is acceptable" - notice
    that this makes no mention of discussing whether a patch breaks
    applications, since this isn't a vulnerability.

    Now, if we were discussing an exploit and someone said "This has been
    fixed by SP2" or "SP2 should have fixed this but didn't", or "SP2
    causes this", then sure, that's appropriate. But "SP2 broke my
    computer please help" belongs somewhere else.

    A.V.

    On Thu, 12 Aug 2004 12:21:52 +0100, Tom Russell <kalleth@nildram.co.uk> wrote:
    > This is a security mailing list.
    >
    > Windows XP SP2 represents possibly the most fundamental change in
    > windows internet policies for quite a long time.
    >
    > It also includes - supposedly - features that make it less prone to
    > virus attack and buffer overflow exploits.
    >
    > Both of these are related to security.
    >
    > I'd say this is one of the best places to discuss sp2.
    >
    > Tom Russell.
    >
    >
    >
    > > That's right, go pollute somewhere else.
    > >
    > > We do not need reports from people whose cardreader doesn't work any
    > > longer after they installed SP2 on a production machine.
    > > Go away!
    > >
    > > Regards,
    > >
    > > Niek Baakman
    > >
    > > _______________________________________________
    > > Full-Disclosure - We believe in it.
    > > Charter: http://lists.netsys.com/full-disclosure-charter.html
    > >
    > >
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: bipin gautam: "RE: [Full-Disclosure] driver for display goes to a infinite loop by viewing a html!"

    Relevant Pages

    • Re: [Full-Disclosure] YEY AGAIN Automatic remote compromise of InternetExplorer Service Pack 2 XP SP
      ... YEY AGAIN Automatic remote compromise of ... InternetExplorer Service Pack 2 XP SP2 ... > Microsoft Internet Explorer XP SP2 Fully Automated Remote Compromise ... > vulnerability in itself, but rather it is uses multiple known holes in SP2 ...
      (Full-Disclosure)
    • Re: The whole Apple can Run Windows thing...
      ... case that SP2 has been out for "a long time now", ... you're referring to was the RPC vulnerability - it was fixed with a couple ... "analysts" who discover security holes who are the smart ones - and from ... no longer allowed direct access to system resources - instead (in the case ...
      (rec.photo.digital.slr-systems)
    • RE: [Full-Disclosure] YEY AGAIN Automatic remote compromise ofInternetExplorer Service Pack 2 XP SP2
      ... YEY AGAIN Automatic remote compromise ... ofInternetExplorer Service Pack 2 XP SP2 ... > vulnerability in itself, but rather it is uses multiple known holes in SP2 ... > Vulnerability and Help ActiveX Control Related Topics Cross Site Scripting ...
      (Full-Disclosure)
    • Re: HOWTO: How to remove VX2 spyware (the latest and worst versions)
      ... >> Actually SP2 could have little to do with it. ... | SECURITY VULNERABILITY FIXES WERE ALLOWED. ... The adware/spyware you indicated are not installed via an OS vulnerability. ... Your friend has what's called contributory negligence. ...
      (microsoft.public.windowsxp.general)
    • Alert: W32/BadTrans.B-mm
      ... This thing exploits a vulnerability in some versions of Internet Explorer ... deliver the patch. ... IE 5.01 prior to SP2 is vulnerable ... for IE 5.01 or IE 5.5, so it clearly makes sense to get SP2 install and not ...
      (NT-Bugtraq)