Any opinions on the recent slew of vulnerabilities (new windows vuln, ssh, sendmail, lsh, java, and the remnants of blaster and sobig)?
I think Haggis is an ass for posting that lsh 0day.
The big one is on the way.
Thanks Adron for patching that box before I even knew about the vuln.
I wish I could sell off my Winders boxes and never have to use them again.
Am I missing something? It seems as though you know of some sort of an attack that's gunna happen.
As I see it, anyone who was careful was not affected.
Note: By "careful" I don't necessarily mean "technically gifted". An average person who wants to be careful runs Windows, installs an anti-virus and a firewall and considers the box secured without taking any further care of it.
The anti-virus would update itself; SoBig blocked.
The firewall would block RPC; Blaster blocked.
Windows XP automatically installs WU critical patches by default; Blaster blocked, even without the requirement of a firewall.
I can't comment much on OpenSSH and lsh vulnerabilities, but I suppose anyone who was careful patched them quickly enough... Plus, they were advertised on Slashdot.
sendmail, java? I think I entirely missed something...