
SANS ISC: Sun bulletins, MS04-040 discussion, anti-spam vigilante-ism dumb, did you know? - Internet Security | DShield SANS ISC InfoSec Forums


Sun bulletins.

Three Sun bulletins are out. One is related to a known issue with Java.
The second is related to a local vulnerability in ping. The third is for
Netscape 7.X on Solaris.

http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-57675-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-57683-1

MS04-040.

MS04-040 seems to have generated some discussion.
Some readers have reported that the update did not install correctly,
or did not mitigate the IFRAME vulnerability. Other conversations
have involved the timing of the update release. Feel free to chime
in and tell us your thoughts and experiences with this patch.
I installed it via Windows Update and then checked the DLL versions
after a reboot. Lo and behold, they were not the correct versions.
There are reports the PoC code may in fact still work. I manually
downloaded and installed the patch and it seems to have worked.
I was not able to do extensive testing.

Anti-spam DDoS = dumb!

This one is my own personal view. I find the anti-spam downloadable
DDoS tool to be without a doubt irresponsible and possibly illegal; it sets
a really bad precedent, gives the wrong impression to users, and is possibly
the dumbest thing I have heard of this week. Vigilante-ism is not a good
idea. The reasons are just too numerous to list. At least the web site
is no longer available.

Did you know?

ISC handlers are not paid for their work. In fact we are volunteers. These
opinions are my own.

Cheers,
Adrien
Adrien de Beaupre

