-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At some point hitherto, Ben Jackson hath spake thusly:
> Yes, but there are other calls in the Win32 API that prevent this attack
> from happening, from the looks of the MSDN docs I glanced over this
> morning after reading about some hooks on BUGTRAQ, it completely solves
> the problem that this attack brings up. So its the 3rd party developers
> that are at fault here, not MSFT.

That can only be true if the 3rd party vendors had prior knowledge
that the method they use had this problem, or at least reason to
suspect it.  Since Microsoft has concealed that knowledge from the
public, the 3rd party vendors can not be blamed.  They had no reason
to think that writing the code in that way would cause a problem.

- -- 
Derek Martin               ddm@pizzashack.org    
- ---------------------------------------------
I prefer mail encrypted with PGP/GPG!
GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu
Learn more about it at http://www.gnupg.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9UTgidjdlQoHP510RAkOeAJ4mKfFZDdmJEtHWxFVkIbdY+yociwCfaxie
oaHfGfP7PZVnSjeEntIrAo0=
=5wbp
-----END PGP SIGNATURE-----