Johannes Ullrich
Johannes Ullrich
Johannes Ullrich is the founder of DShield. DShield is now part of the SANS Internet Storm Center which he leads since it was created from Incidents.org and DShield back in 2001. In 2005, he was named one of the 50 most powerful people in Networking by Network World Magazine. He is the dean of research, and an instructor for the SANS Institute...
dangerous exploit issue
The Snort issue is more dangerous because the exploit is really simple.
microsoft taking
In this case, Microsoft is taking too long.
cooperate functions less patches problems software sort various
These are the sort of problems that we typically see when patches don't cooperate well with various third-party software and some of the less used functions of Windows,
bragging looking teenagers
It used to be teenagers looking for bragging rights. Now it's done for profit.
claims picture sexual sort tricks
It claims to be a movie or picture with some sort of sexual content. That is how it tricks you.
code endorse source validate
I don't think we will endorse this patch. There is no source code available, so we are not able to validate the patch.
actively early exploited flaw fully limited measures multiple provides release sufficient tested
The flaw is actively exploited on multiple sites, and antivirus provides only limited protection. Active use of an exploit without sufficient mitigating measures should warrant the early release of a patch, even a preliminary, not fully tested patch.
damage good patch quickly roll testing
More often than not, a patch will actually do more damage than good if you roll it out too quickly without testing it first.
basically capable keeping last longer lost
Particularly over the last year, anti-virus (programs) have lost a lot of their effectiveness. They are basically no longer capable of keeping up with the proliferation of new viruses.
allow blocking display files normally programs windows
This should allow Windows programs to display WMF files normally while still blocking the exploit.
based company convinced customers danger days early explorer given imminent internet issue microsoft patch patches prior production public release released require stated suspect within
We do suspect that Microsoft will still release an early patch given the imminent danger to its customers from this flaw. As stated by the company about two years ago, patches can be released within two days if needed. Based on prior public commitments, we do suspect that Microsoft will issue the patch early once they are convinced that customers require the use of Internet Explorer in production environments.
basically built doors
We've basically built doors now for 4,000 years and still have burglaries.
assembly available both code difficult functions limits operating relying virus work worm
Writing a cross-platform worm is difficult because it limits you to functions that are available on both operating systems. You have to also code the virus in assembly to make it work without relying on any OS-specific function.
against attack average defend hard problem
The problem with this attack is that it is so hard to defend against for the average user.