[funsec] MSN (or should that be "msn") goofs again

Nick FitzGerald nick at virus-l.demon.co.uk
Sat Sep 23 18:31:34 CDT 2006


Hi all,

I've just posted this to Full-Disclosure, but it's apposite here and I 
think some of you now don't track F-D...

Read this from the Kaspersky Analysts' Diary:

   http://www.viruslist.com/en/weblog?weblogid=199354341

Weep, laugh, /., etc as is your wont...

Given the "obvious fix" to folk capable of making such a mistake in the 

first place, one might almost expect that, once it's fixed, "pIF" or 
"Pif" or "PiF" or "pIf", etc would still work.

It's a good thing that Michael Howard and the boys have been wrastling 
security and code-quality concepts into the softies for most of this 
century -- imagine how bad things might be if they hadn't a been...


Regards,

Nick FitzGerald



More information about the funsec mailing list