Deus, I posted this from my sub main e-mail account trying to get people's attention. If I said 'we have a fix' or something like that, it would show comercial intentions- that we do not have. this is free, and totally pro-bono. Also, it is PivX's, but not mine- its the brainchild of a few of the dev team guys (silly monekys). I can also blame insomnia and temporary neurosis after using my thinkg33k cafine soap! :) Thanks, -geoff ----- Original Message ----- From: "Deus, Attonbitus" <Thor@HammerofGod.com> To: "Geoff Shively" <gshively@pivx.com>; <bugtraq@securityfocus.com> Cc: "Focus on Microsoft Mailing List" <FOCUS-MS@SECURITYFOCUS.COM> Sent: Thursday, June 13, 2002 10:32 AM Subject: Re: Microsoft releases critical fix that breaks their own software! : : -----BEGIN PGP SIGNED MESSAGE----- : Hash: SHA1 : : At 10:58 PM 6/12/2002, Geoff Shively wrote: : >What classic MS, their newest critical alert dealing with the Gopher Root : >Vulnerability discussed on Security Focus last week : >[http://online.securityfocus.com/news/464] seems to break windows media : >player. : > : >Is there any validity to this- and, does their fix work? : > : >More info on the microsoft critical alert: : >http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security / : >bulletin/MS02-027.asp : >More info on the breakage: http://www.pivx.com/workaround_fail.html : : : Why would you phrase the question like this when you *are* PivX, know the : vulnerability exists, and have your own fix for it? : I mean, asking "is there any validity to this" seems almost like you are : trying to pretend to be an unattached 3rd party-- To me, anyway... : : I would think it would be just fine to say "Hey, here is the problem, we : have verified it, and we have a solution.... " : : Of course, feel free to correct me if I am wrong... : : AD : : : -----BEGIN PGP SIGNATURE----- : Version: PGP 7.1 : : iQA/AwUBPQjXH4hsmyD15h5gEQL5WACgvE4RgaoVWk3VDv+sWIAiAB120iwAoJnI : a8CYXyrtNAQypPI/kzAgqL9t : =JKFg : -----END PGP SIGNATURE----- : : :
