lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sat, 13 Sep 2003 09:38:17 JST
From: achurch@...urch.org (Andrew Church)
To: bugtraq@...urityfocus.com
Subject: RE: Computer Sabotage by Microsoft


>Automatic system updates are nothing new, we see it all the time with
>antivirus software. Given that the enduser has agreed for his AV to be
>updated automatically

     This is the crux of the issue; I believe Stefan's point was that he
did not--actively--agree to the update.  If there was a "click to update"
button, an option to enable or disable automatic updates (like AV
software), or even a message saying "your software will now be updated,
click here to cancel" (like the PlayOnline game service offered by Square),
the issue would be different, but my impression is that there were none of
those.  Not only does this raise legal issues, at least in countries with
reasonably sane laws, but think of all the faulty patches Microsoft has
released in the past; while the Xbox is a closed system and thus easy to
test, how would you like to come into work one morning and find all your
Longhorn servers bluescreened and unbootable because a critical security
patch broke your Acme Super-RAID driver?

  --Andrew Church
    achurch@...urch.org
    http://achurch.org/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ