Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] More information on ZERT patch for ANI 0day

from [Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] More information on ZERT patch for ANI 0day
Date: Tue, 03 Apr 2007 11:52:42 -0700 
Hardly.

Don't remember that last Zero day in 2006 do you?
http://www.eweek.com/article2/0,1895,2019162,00.asp

The Zert folks have coded up zero day patches before (VML and WMF 
anyone?) and are folks actively out in the community.  While I'm not 
ready yet to install third party patches on systems, I admire them for 
the community need that they are reacting to.  Gadi and the crew work 
hard and have my respect for their efforts.

If you are willing to evaluate the eEye patch, Zert's should be higher 
on your list as well since reportedly it works better than eEye's.

Regardless it's a moot point.  The real patch is out.
Install that one.  It's on Windows update now.

Stefan Kelm wrote:

Hi, more information about the patch released April 1st can be found here:

http://zert.isotf.org/

Including:
1. Technical information.
2. Why this patch was released when eeye already released a third party
patch.
    


Has anyone actually checked what this patch does? Who are ZERT and
ISOTF respectively ("About ISOTF" at http://www.isotf.org/?page_value=0
says a lot...)?

...or is this an April Fool's joke?

Cheers,

      Stefan.

  


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] FLEA-2007-0006-2: ImageMagick, Foresight Linux Essential Announcement Service
Next by Date:  Re: [Full-disclosure] More information on ZERT patch for ANI 0day, neal.krawetz
Previous by Thread:  Re: [Full-disclosure] More information on ZERT patch for ANI 0day, Matthew Murphy
Next by Thread:  Re: [Full-disclosure] More information on ZERT patch for ANI 0day, Jason Frisvold
Indexes:  [Date] [Thread] [Top] [All Lists]