Warning: This post contains large amounts of sarcasm. If you lack a sense of humour, can’t laugh at yourself (or someone else for that matter) without venting large amounts of rage, please don’t look on.
I’m not really one for getting involved in security scene garbage, but sometimes stuff happens that seems stranger than life. The Zero Day Emergency Response Team is a group consisting of some highly respected individuals in the security community, as well as some perhaps more controversial ones. ZERT, as they call themselves, have released an unofficial patch for the vgx.dll issue affecting Outlook and Internet Explorer. From the press release:
ZERT is a group of engineers with extensive experience in reverse
engineering software, firmware and hardware coupled with liaisons from
industry, community and incident response groups. While ZERT works with
several Internet security operations and has liaisons to anti-virus and
network operations communities, ZERT is not affiliated with a particular
ZERT members work together as a team to release a non-vendor patch when a
so-called “0day” (zero-day) exploit appears in the open which poses a
serious risk to the public, to the infrastructure of the Internet or
both. The purpose of ZERT is not to “crack” products, but rather to
“uncrack” them by averting security vulnerabilities in them before they
can be widely exploited.
It is always a good idea to wait for a vendor-supplied patch and apply it
as soon as possible, but there will be times when an ad-hoc group such as
ours can release a working patch before a vendor can release their
So, we’re supposed to put unofficial third-party patches on software before the vendor provides a patch. Er… then I think we’re supposed to take the patches off (arrr, jim lad – no, that was last week) and put the real ones on. Maybe we’re supposed to keep the unofficial patches till Windows Update overwrites them and everything goes down like a bag of sick. Oh, I’m so confused.
Anyways, ZERT sounds like one of those things that in theory is a good idea, but in practice is probably less so, like Gentoo, Macs or Communism. I do hope that ZERT does well, I wish the guys all the best but won’t be applying unofficial patches. To be fair, I don’t use IE or Outlook (except for Outlook at work, but that’s a different story). Still, it got me thinking, life must be pretty exciting at ZERT HQ. I’ve got this mental image of the A-Team, Team America or Zero Wing forming in my head when I think of it. In fact, I’m pretty sure the whole VML thing probably went something like this – then again, with my vivid imagination it might not be totally accurate:
<zertbot> In AD 2006, war was beginning
<gadi> What happen?
<pvixie> Somebody set us up the VML.
<nickf> We get signal.
<gadi> What !
<nickf> Main screen turn on.
<gadi> It's you !!
<n3td3v> How are Yahoo! gentlemen !!
<n3td3v> All your base are belong to us.
<n3td3v> You are on the way to destruction.
<gadi> What you say !!
<n3td3v> You have no chance to patch make your time.
<n3td3v> Ha Ha Ha Ha ....
<nickf> Captain !!
<gadi> Take off every 'Zert' !!
<gadi> You know what you doing.
<gadi> Move 'Zert'.
<gadi> For great justice.