-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Why Doesn't Microsoft Look for Its Own Bugs?
,----[ Quote ]
| Sotirov noted that it's TippingPoint's and
| VeriSign's customers who were paying for
| this research and that Microsoft should be
| paying too. Surely, I asked, Microsoft does
| vulnerability research on their own
| product. At this point another famous
| researcher, Dino Dai Zovi, piped in to say
| no: "Apple is the only vendor that I know
| of that releases patches for vulns found
| internally."
|
| This rang true; I know I've read Apple
| advisories that credited internal research
| and I couldn't recall a Microsoft advisory
| that credited their own. I looked and not a
| single vulnerability disclosure (so far) in
| 2009 was credited explicitly to Microsoft.
| I asked Microsoft about it.
|
| Their answer... Well, of course they look
| for and find these things, but not so much.
`----
http://www.pcmag.com/article2/0,2817,2357051,00.asp
Microsoft knew of just-patched IE zero-day for months
,----[ Quote ]
| Microsoft may not have hustled as fast as
| researchers thought when the company
| patched a zero-day bug in Internet Explorer
| (IE) just 18 days after exploit code went
| public.
|
| According to VeriSign iDefense, Microsoft
| had information about the browser bug
| nearly six months before the researcher
| dubbed "K4mr4n" posted attack code to the
| Bugtraq security mailing list on Nov. 20.
`----
http://www.computerworld.com/s/article/9142078/Microsoft_knew_of_just_patched_IE_zero_day_for_months
Recent:
Zero-day IE fix stars in last Patch Tuesday of the decade
,----[ Quote ]
| Tuesday is due to bring six bulletins, three
| of which are critical. The critical fixes
| address flaws in Windows and Office as well as
| IE. The Office update covers flaws in Project,
| Word and Works 8.5.
`----
http://www.theregister.co.uk/2009/12/04/ms_patch_tuesday_pre_alert/
Attacks Appear Imminent as IE Exploit Is Improved
,----[ Quote ]
| Hackers working on the open-source
| Metasploit project have spiffed up a zero-
| day attack on Microsoft's Internet
| Explorer, making it more reliable -- and
| more likely to be used by criminals.
|
| Security experts have been worried about
| the flaw since it was first disclosed on
| the Bugtraq mailing list Friday. But the
| original demonstration code was unreliable
| and has not been used in real-world
| attacks.
`----
http://www.pcworld.com/article/183190/attacks_appear_imminent_as_ie_exploit_is_improved.html
Microsoft IE exploit code unreliable, but more coming
http://www.networkworld.com/news/2009/112309-microsoft-ie-exploit-code.html?t51hb
Fixing the Internet Explorer Blues
,----[ Quote ]
| Earlier this week Microsoft announced yet
| another IE (Internet Explorer) bug. This
| one, Microsoft Security Advisory 977981, is
| one of the really bad ones that can allow
| attackers to take your Windows PC over.
| Yuck!
|
| [...]
|
| I think your best move to keep the world
| from sneaking in some malware over your
| browser is to get the latest versions of
| Firefox 3.5.5 or Google's Chrome 3.0.x Web
| browser. Neither is perfect, but they are
| better than IE. I wish I could recommend
| Opera, but I continue to have real concerns
| about Opera's built-in Web server security.
`----
http://www.itworld.com/security/86298/fixing-internet-explorer-blues
Microsoft Warns of IE Vulnerability
http://windowsitpro.com/mobile/pda/Article.cfm?ArticleID=103204&News=1
Microsoft Issues Security Advisory on IE Vulnerability
http://www.pcworld.com/article/182935/microsoft_issues_security_advisory_on_ie_vulnerability.html
Exploit code targets Internet Explorer zero-day display flaw
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1375179,00.html
New Security Flaw Hits Internet Explorer 6 & 7
http://techfragments.com/1104/new-security-flaw-hits-internet-explorer-6-7
New attack targets weakness in Internet Explorer
http://voices.washingtonpost.com/securityfix/2009/11/new_attack_targets_weakness_in.html
Microsoft Issues Internet Explorer Security Advisory
http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=221901038
Microsoft warns of IE exploit code in the wild
,----[ Quote ]
| Microsoft on Monday said it is
| investigating a possible vulnerability in
| Internet Explorer after exploit code that
| allegedly can be used to take control of
| computers, if they visit a Web site hosting
| the code, was posted to a security mailing
| list.
`----
http://news.cnet.com/8301-1009_3-10403756-83.html
IE bug leaks private details from 50m PDF files
,----[ Quote ]
| A bug in Microsoft's Internet Explorer
| browser is causing more than 50 million
| files stored online to leak potentially
| sensitive information that could compromise
| user privacy, a security researcher said.
`----
http://www.theregister.co.uk/2009/11/23/internet_explorer_file_disclosure_bug/
Microsoft Corp. (MSFT) CFO Christopher P Liddell sells 20,000 Shares
http://www.gurufocus.com/news.php?id=63097
Microsoft loses top beancounter
,----[ Quote ]
| Microsoft is saying goodbye to its chief
| beancounter, Chris Liddell, after four and a
| half years in the post.
`----
http://www.theregister.co.uk/2009/11/25/microsoft_cfo_goes/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkslnM0ACgkQU4xAY3RXLo4NQwCfXzjoIuSuc1R/r7h3Ihn4IaMe
eCYAoJ+DiIHSdfFlcdSH9HHkTSFre0F1
=l4hV
-----END PGP SIGNATURE-----
|
|
