lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed Jan  4 21:37:30 2006
From: toddtowles at brookshires.com (Todd Towles)
Subject: Unofficial Microsoft patches help hackers,
	not security

MW said:
> this happened with the last pnp exploit
> one of the worms patched the hole,
> thus ensuring their malware stayed,
> and the box was no longer vuln
> ( to the competition??? can we say adware? )
> 
> looks like a growing trend.

Agreed, this is a problem. But real problem is that it was attacked,
infected without detection. So cares if it is patched or not...if the
person watching the box doesn't know it..then let it get infected with
million things. The blame goes to the administrator is the box for not
cleaning the infection.

This trend does nothing to prove netdev's post however. The situtation
that MW shows here, happens all the time. How many people are infected
with SDBot, but then apply the correct Microsoft patch to fix the hole.
They are still infected....the patch being applied after the fact has no
real effect on the security of the system.

Powered by blists - more mailing lists