RE: [Full-Disclosure] Flaws security feature of SP2

From: Jonathan Rickman (jonathan_at_xcorps.net)
Date: 08/16/04

    To: <full-disclosure@lists.netsys.com>
    Date: Mon, 16 Aug 2004 11:20:10 -0400
    
    

    > Exploiting this issue requires the ability to overwrite
    > existing files which have a trusted or non-existent ZoneID.
    > Right now there is no known way to achieve this in an attack
    > mounted from the Internet.

    Ok. So if I have the ability to do that, isn't it safe to say that I already
    control the box?

    > Vendor status
    > -------------
    > heise Security has notified Microsoft about both issues on
    > August 12. Microsoft Security Response Center
    > responded:
    >
    > "We have investigated your report, as we do with all reports,
    > however in this case, we don't see these issues as being in
    > conflict with the design goals of the new protections. We are
    > always seeking improvements to our security protections and
    > this discussion will certainly provide additional input into
    > future security features and improvements, but at this time
    > we do not see these as issues that we would develop patches
    > or workarounds to address."

    I'm inclined to agree with them. I see the potential for problems as you
    have pointed out, but I guess I need a little help in understanding how this
    could ever be more than a theoretical vulnerability. Could you perhaps
    elaborate and maybe toss in a hypothetical situation or two to help me see
    what you're driving at?

    --
    Jonathan
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    
