Wednesday, January 24, 2007

goodbye M

bye bye Milano

Date: Jan 24, 2007 6:46 PM

Subject: goodbye

Dear Giovinòts,

Today is my last day here.

I would like to say a HUGE thank you to everyone, especially TAM colleagues, tier III, Italian colleagues and the kind souls that reply in the DL... I also want to apologize for all the annoyances I caused during these last 18 months.

Having no background in M$ products, it was a mix of gamble and suicide mission for me to come work here; I guess I kinda won my bet but failed my mission (I am still alive!).

It was a great learning experience for me (I tested on my skin that no matter what protection you have, if you use IE, you are prone to being compromised by a rootkit drive-by install) and I managed to erase my biggest prejudice against Outlook (absolutely it is the worst operating system to read mail I've ever used).

Anyway, if you want to drop an email, I can be reached at (plain text email only please ;)

As they say: the valley is small, maybe we'll meet again, someday.

I wish all of you the best.



X-Disclaimer: This email has never been tested on animals and never will be


Wednesday, January 10, 2007

Déjà vu: vgx.dll, another nasty zero-day IE exploit in the wild...

It feels like déjà vu

Just less than 4 months ago, there was a zero-day IE vulnerability related to its rendering engine (Microsoft Vector Graphics Rendering Library Buffer Overflow). Now they have just released a patch for IE 5.x, 6.x and 7.x to fix another VML vulnerability that they admit is being actively exploited (Microsoft Windows Vector Markup Language Buffer Overflow).

No need to explain how dangerous these kinds of remote execution exploits are...
With the help of Google (and other search engines) that provide malicious results, allowing drive-by installs by simply going to malicious sites, 2007 is going to be another fruitful year of stealth rootkit installation...

Thank you M$ for helping security vendors.

Use Firefox!

Ignorance is a crime.

PS: Unregistering VGX.DLL is a workaround that helps in both situations:

1. Click Start, click Run, type "%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll", and then click OK.

2. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.
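
The same workaround as a silent script, for machines where nobody is going to click through the dialog. This is an added example, not part of the original post and not the Microsoft solution linked below; the function name Set-VgxRegistration and the extra check of the 32-bit Common Files folder on 64-bit Windows are assumptions.

```powershell
# Added example: silent per-machine version of the regsvr32 workaround above.
# Set-VgxRegistration is a hypothetical helper name, not a Windows cmdlet.
function Set-VgxRegistration {
    param(
        # Pass -Restore to re-register vgx.dll (e.g. once the patch is installed).
        [switch]$Restore
    )

    $regsvr32 = Join-Path $env:SystemRoot 'System32\regsvr32.exe'

    # Common Files roots to inspect. The (x86) variable only exists on 64-bit
    # Windows; checking it is an assumption beyond the single path in the post.
    $roots = @($env:CommonProgramFiles, ${env:CommonProgramFiles(x86)}) |
        Where-Object { $_ } | Select-Object -Unique

    foreach ($root in $roots) {
        $dll = Join-Path $root 'Microsoft Shared\VGX\vgx.dll'
        if (-not (Test-Path -LiteralPath $dll)) {
            # Nothing to unregister at this location.
            [pscustomobject]@{ Path = $dll; Action = 'skipped'; ExitCode = $null; Ok = $true }
            continue
        }

        # /s suppresses the confirmation dialog from step 2; /u unregisters.
        $regArgs = @('/s')
        if (-not $Restore) { $regArgs += '/u' }
        $regArgs += "`"$dll`""

        $proc = Start-Process -FilePath $regsvr32 -ArgumentList $regArgs -Wait -PassThru
        [pscustomobject]@{
            Path     = $dll
            Action   = if ($Restore) { 'registered' } else { 'unregistered' }
            ExitCode = $proc.ExitCode      # regsvr32 returns 0 on success
            Ok       = ($proc.ExitCode -eq 0)
        }
    }
}

# Run elevated, saved as a .ps1 script. Exits non-zero if any DLL could not
# be processed, so a deployment tool can flag the machine.
$results = @(Set-VgxRegistration)
$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Ok }) { exit 1 }
```

Because /s hides the success dialog, the exit code is the only confirmation; a non-zero ExitCode means the DLL is still registered on that machine.
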

For a large enterprise, this guy from M$ has provided a cool solution:
Block VML Zero-Day Vuln on a domain