Johannes Ullrich
Johannes Ullrich
Johannes Ullrich is the founder of DShield. DShield is now part of the SANS Internet Storm Center which he leads since it was created from Incidents.org and DShield back in 2001. In 2005, he was named one of the 50 most powerful people in Networking by Network World Magazine. He is the dean of research, and an instructor for the SANS Institute...
damage good patch quickly roll testing
More often than not, a patch will actually do more damage than good if you roll it out too quickly without testing it first.
appear apple distinct larger offer patches testing
At this point, Apple does not appear to offer the patches in distinct packages, which will make testing in larger environments tricky.
allow blocking display files normally programs windows
This should allow Windows programs to display WMF files normally while still blocking the exploit.
applying recommend temporary
At this point, we do not recommend applying these temporary patches.
allow bad compromise crash excel file hackers program trying word
What hackers are trying to find is, if they can make a bad Excel file or a bad Word file, does the program crash and allow them to compromise the system.
felt guess necessary release serious
My guess is that it's just serious enough that they really felt it was necessary to release it early.
against attack average defend hard problem
The problem with this attack is that it is so hard to defend against for the average user.
basically capable keeping last longer lost
Particularly over the last year, anti-virus (programs) have lost a lot of their effectiveness. They are basically no longer capable of keeping up with the proliferation of new viruses.
activity becomes increase linux virus
I think we'll see an increase in virus activity as Linux becomes more mainstream.
claims picture sexual sort tricks
It claims to be a movie or picture with some sort of sexual content. That is how it tricks you.
code endorse source validate
I don't think we will endorse this patch. There is no source code available, so we are not able to validate the patch.
basically built doors
We've basically built doors now for 4,000 years and still have burglaries.
assembly available both code difficult functions limits operating relying virus work worm
Writing a cross-platform worm is difficult because it limits you to functions that are available on both operating systems. You have to also code the virus in assembly to make it work without relying on any OS-specific function.
attempts aware blocks carefully checked exploit official patch percent sure tested worth
We carefully checked this patch and are 100 percent sure that it is not malicious. The patch is, of course, not as carefully tested as an official patch. But we feel it is worth the risk. We know it blocks all exploit attempts we are aware of.