May 29, 2006 | Comments: (0)
Someone is claiming to have a remote Windows Vista exploit for sale - probably bogus
Taken from Full Disclosure Mailing List [unconfirmed, probably bogus]
On 5/25/06, 0x80@hush.ai <0x80@hush.ai> wrote:
Due to the success of my IE vuln sale I have decided to sell a Windows Vista exploit I discovered. This one works remotely and will run code.
Warning: Emails contain offensive language
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/45736?page=last
Not sure if this is a valid claim (I even hesitated posting it here), but just in case. I tried to find out more about the poster and these claims, but did not come up with anything.
But reflecting on it a bit, a Windows Vista exploit released now has little value. Released after Vista is popular, it would be much more valuable. So, if I had to guess, I would say this is a bogus post.
Posted by Roger Grimes on May 29, 2006 02:04 AM
- COMMENTS
Yeah, but seeing as the beta 2 has just been released to the world's press, surely this is a good time to get the damage done. As if this is true and affects the world's media it will be all over the place that Vista has been hacked before it has been released, major damage to Vista.
Posted by: Rich at May 29, 2006 04:44 AM

There's no money to be made while Vista is in beta. Vulnerability sellers want to make money, not damage Microsoft's reputation. If released now, it means somebody found a bug in beta software...that's the definition of beta. It results in little harm to Microsoft and makes the poster no money.
If released after Vista has left beta, it makes both the creator and the buyer (i.e. criminal) money, and makes Microsoft look worse.
For these reasons alone, I don't think the poster really has the exploit.
Posted by: Roger A. Grimes at May 29, 2006 06:00 AM