January 2006


Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Don Tripp <[log in to unmask]>
Reply To:
Technology Discussion at UVM <[log in to unmask]>
Tue, 3 Jan 2006 17:56:03 -0500
text/plain (62 lines)
Here is another interesting news piece on this subject (hot off the SANS home page):


> Oxy-morons (NEW) Published: 2006-01-03, Last Updated: 2006-01-03 18:17:57 UTC
> by Tom Liston (Version: 1)
> "Although the issue is serious and malicious attacks are being attempted,
> Microsoft's intelligence sources indicate that the scope of the attacks are
> not widespread." - Microsoft Security Advisory (912840)
> "...Microsoft's intelligence sources..."?!?
> Go ahead and laugh.  I'll wait.
> Through?  O.K.
> While all of the rest of us were sleeping, it appears that the
> propeller-heads working on Billy Wonka's Official Microsoft Research and
> Development Team have been hard at work creating a crystal ball capable of
> foretelling the future.  The only problem: it appears that they made it from
> rose-colored crystal.

Lots of vastly differing opinions on this. Even the group of SANS Newsletter 
editors couldn't agree - they were about evenly split from my interpretation.

Unfortunately, I think institutions have a serious dilemma here. Personally, I 
installed the patch.  But a crystal ball would be handier...


Alison Pechenick wrote:
> Thank you, Keith.  I assumed this to be the case, and sent the article as an
> interesting news piece.  Probably should have added a disclaimer in the
> greeting :-)
> Happy New Year,
> Alison
> Keith Kennedy wrote:
>> Hi Alison,
>> CIT does NOT support applying this "unofficial" patch. Evaluating the
>> effectiveness of this patch, and making sure no harm is done is a complex
>> task. Here's Microsoft's latest news. They have a fix they are testing.
>> They plan to release it Jan 10th.

Donald Tripp, Security Specialist
Project Catalyst, 656-4104
[log in to unmask]
aim: uvmaisdon / jabber: dtripp