lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 19 Dec 2008 14:55:05 +0000
From: "James Rankin" <kz20fl@...glemail.com>
To: n3td3v <xploitable@...il.com>
Cc: n3td3v <n3td3v@...glegroups.com>, full-disclosure@...ts.grok.org.uk
Subject: Re: Microsoft issues out-of-band patch

"MI5 have their systems patched against
flaws that are not known about by other entities"

Yeah, of course they do. because writing your own patches will definitely
make sure that your enterprise is properly supported and secured, and all
your mission-critical apps will continue to function. I remember someone
writing their own patch for an exploitable vulnerability a few years ago and
MS were quick to warn everyone thinking of using it that it would invalidate
their support agreements. Of course I am sure MI5 have their own versions of
their core operating systems, a support staff that can rewrite the entire NT
kernel, and aren't just part of the UK government's hugely-outsourced IT
function.

Incidentally save your flames, I was doing my Friday spam clearout when I
saw this.

Cheers,

JJ

2008/12/19 n3td3v <xploitable@...il.com>

> "The software giant rushed out a fix for the security issue in eight
> days, following its discovery that online criminals were using the
> flaw to attack Internet users."
>
> http://www.securityfocus.com/brief/873
>
> This is because they usually hold back disclosure and patch release so
> the intelligence services can backdoor criminal and terrorist pc's.
>
> We're not saying Microsoft has never been capable to release a patch
> in eight days, we're saying there is an agreement with the government
> not to, unless a flaw is publicly known and is affecting the
> internet-at-large.
>
> There are a ton of zero-day that Microsoft and the government know
> about and are used for intelligence purposes, they are kept secret
> unless the public know about it and the zero-day becomes a threat to
> the government.
>
> Though the fact is this, MI5 have zero-day that not even Microsoft
> know about and not only this, MI5 have their systems patched against
> flaws that are not known about by other entities.
>
> What i'm saying is this: MI5's systems are patched against flaws that
> only they know about and their technicians have developed their own
> in-house patches for them.
>
> If that isn't impressive I don't know what is.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists