Profile_bird

Hey there! alexsotirov is using Twitter.

Twitter is a free service that lets you keep in touch with people through the exchange of quick, frequent answers to one simple question: What are you doing? Join today to start receiving alexsotirov's updates.

Already using Twitter
from your phone? Click here.

alexsotirov

  1. The WOOT '09 program is up at http://bit.ly/yUnH0. We have nine very good papers this year. Register to attend by Aug 3rd!
  2. Three days left before the Pwnie Awards nominations close! Submit them at http://pwnie-awards.org/ (via @PwnieAwards)
  3. Windows 7 has ugly icons. Is it that hard to steal the Apple look? Come on, you've done it before.
  4. @attritionorg No more free bugs!
  5. @vigeek What's an Argentinian octopus?
  6. I think that today I finally surpassed my record for longest time spent on a single exploit. It's been over a month, but I'm almost done!
  7. @codypierce App compat testing can't take longer than the release cycle of the 3rd party apps you're testing against. 12 months is too long.
  8. But I'm also glad that I'm not on the side that has to care about that any more :-)
  9. I'm pretty sure that even the most extensive compatibility tests can be run in under 12 months http://bit.ly/U9DIr (MS talks about msvidctl)
  10. "Why doesn't he just buy another bicycle?" http://blogs.msdn.com/oldne...
  11. @lsetzer Based on my experience, CVEs are usually assigned when the bug is confirmed by Microsoft, although there could be exceptions.
  12. @lseltzer You're right, I misread the year. The CVE is CVE-2008-0015, which means it was most likely assigned around January of 2008.
  13. @jness Independent rediscoveries of bugs happens all the time, but conspiracy theories are more fun :-)
  14. RT @jness the msvidctl.dll bug details did not go out to MAPP partners until the advisory was released on monday
  15. It could be a coincidence of course, but it reminds me of the ANI bug that also appeared in the wild two weeks before the scheduled patch.
  16. Did the msvidctl bug leak through the MAPP program? It was reported 6 months ago and it looks like the patch for it was scheduled for July.
  17. OH: yeah, we can get a tiger
  18. @kmx2600 What is the right model?
  19. RT @dinodaizovi Mark Dowd has to cut himself while auditing to still feel something
  20. Apple fanboy comments on Charlie's iPhone SMS remote root: "This "vulnerability" does nothing of any real consequence" http://bit.ly/10A215