IT-DISCUSS Archives

January 2006

IT-DISCUSS@LIST.UVM.EDU

Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
From:
Don Tripp <[log in to unmask]>
Reply To:
Technology Discussion at UVM <[log in to unmask]>
Date:
Tue, 3 Jan 2006 17:56:03 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (62 lines)
Here is another interesting news piece on this subject (hot off the SANS home page):

Link: http://isc.sans.org/diary.php?storyid=1011

> Oxy-morons (NEW) Published: 2006-01-03, Last Updated: 2006-01-03 18:17:57 UTC
> by Tom Liston (Version: 1)
> 
> "Although the issue is serious and malicious attacks are being attempted,
> Microsoft's intelligence sources indicate that the scope of the attacks are
> not widespread." - Microsoft Security Advisory (912840)
> 
> "...Microsoft's intelligence sources..."?!?
> 
> Go ahead and laugh.  I'll wait.
> 
> Through?  O.K.
> 
> While all of the rest of us were sleeping, it appears that the
> propeller-heads working on Billy Wonka's Official Microsoft Research and
> Development Team have been hard at work creating a crystal ball capable of
> foretelling the future.  The only problem: it appears that they made it from
> rose-colored crystal.
...

Lots of vastly differing opinions on this. Even the group of SANS Newsletter 
editors couldn't agree - they were about evenly split from my interpretation.

Unfortunately, I think institutions have a serious dilemma here. Personally, I 
installed the patch.  But a crystal ball would be handier...

-Don




Alison Pechenick wrote:
> Thank you, Keith.  I assumed this to be the case, and sent the article as an
> interesting news piece.  Probably should have added a disclaimer in the
> greeting :-)
> 
> Happy New Year,
> 
> Alison
> 
> Keith Kennedy wrote:
> 
>> Hi Alison,
>> 
>> CIT does NOT support applying this "unofficial" patch. Evaluating the
>> effectiveness of this patch, and making sure no harm is done is a complex
>> task. Here's Microsoft's latest news. They have a fix they are testing.
>> They plan to release it Jan 10th.
> 
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Donald Tripp, Security Specialist
Project Catalyst, 656-4104
[log in to unmask]
aim: uvmaisdon / jabber: dtripp

ATOM RSS1 RSS2