Question about BugOff

on 29.04.2006 16:49:07 by FrankG

The "IT Pros" at a small company have recently installed it on all the
machines.
I'm looking for any kind of URL/reference/documentation to give to
them.

Can't seem to find much info about it, but what I have found suggests
the exploits it protects against are already patched.

Merijn has done some really great work and while BugOff was very
helpful at the time, it appears that time has passed.

Any info would be much appreciated.

Regards,
FrankG

Re: Question about BugOff

on 29.04.2006 17:02:15 by Sebastian Gottschalk

FrankG wrote:

> Can't seem to find much info about it, but what I have found suggests
> the exploits it protects against are already patched.

It merely sets some killbits for certain ActiveX controls.
So, who cares?
1. only affects IE users, which are fucked anyway
2. ActiveX is evil by design, we need a whitelist (empty by default)
instead of a blacklist and version-independent binding must be widely
deployed
3. Nothing has been patched. Microsoft simply put the very same killbits
in place instead of actually fixing the problem. Any local application
employing these controls stays vulnerable.
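
A way to see which kill bits are actually set on a machine, added here as an example and not part of the original thread. It assumes the Microsoft-documented location of the kill bit (the `Compatibility Flags` DWORD, bit 0x400, under `ActiveX Compatibility\{CLSID}`); the export text and CLSIDs are constructed placeholders, and the function names are hypothetical.

```python
import re

# Documented location of IE's ActiveX kill bits (HKLM, native registry view).
COMPAT_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
              r"\ActiveX Compatibility")
KILL_BIT = 0x00000400  # bit in the "Compatibility Flags" DWORD

# Constructed sample in `reg export` format; the CLSIDs are placeholders.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00800000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000003}]
"Compatibility Flags"=dword:00000C00
'''

def parse_compat_flags(export_text):
    """Return {clsid: flags}; text must already be decoded (reg export writes UTF-16)."""
    flags, clsid = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            parent, _, leaf = section.group(1).rpartition("\\")
            # Registry key names are case-insensitive.
            clsid = leaf.upper() if parent.upper() == COMPAT_KEY.upper() else None
            if clsid is not None:
                flags.setdefault(clsid, 0)  # key present, flags value may be absent
            continue
        value = re.fullmatch(r'"Compatibility Flags"=dword:([0-9a-f]{8})', line, re.I)
        if value and clsid is not None:
            flags[clsid] = int(value.group(1), 16)
    return flags

def audit(export_text, expected_clsids):
    """Split the CLSIDs you expect to be blocked into (killed, not_killed)."""
    flags = parse_compat_flags(export_text)
    killed = {c for c, f in flags.items() if f & KILL_BIT}
    expected = {c.upper() for c in expected_clsids}
    return sorted(expected & killed), sorted(expected - killed)

if __name__ == "__main__":
    killed, missing = audit(SAMPLE_EXPORT, parse_compat_flags(SAMPLE_EXPORT))
    print("kill bit set:", killed, "\nkill bit not set:", missing)
```

A CLSID reported as killed is only blocked inside Internet Explorer; per point 3 above, the control itself is unchanged for any other program that loads it.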

Re: Question about BugOff

on 30.04.2006 02:23:06 by FrankG

FrankG wrote:

> The "IT Pros" at a small company have recently installed it on all the
> machines.
> I'm looking for any kind of URL/reference/documentation to give to
> them.
>
> Can't seem to find much info about it, but what I have found suggests
> the exploits it protects against are already patched.
>
> Merijn has done some really great work and while BugOff was very
> helpful at the time, it appears that time has passed.
>
> Any info would be much appreciated.
>
> Regards,
> FrankG

Sebastian Gottschalk wrote:

> It merely sets some killbits for certain ActiveX controls.
> So, who cares?
> 1. only affects IE users, which are fucked anyway
> 2. ActiveX is evil by design, we need a whitelist (empty by default)
> instead of a blacklist and version-independent binding must be widely
> deployed
> 3. Nothing has been patched. Microsoft simply put the very same killbits
> in place instead of actually fixing the problem. Any local application
> employing these controls stays vulnerable.



Thanks so much for your response.
Yes they are IE users.

Still looking for any kind of URL/reference/documentation to give to
the IT folks.

Regards,
FrankG