lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1062591415.1812.151.camel@nautique>
Date: Wed, 03 Sep 2003 08:16:55 -0400
From: Lawrence MacIntyre <lpz@...l.gov>
To: Stefano Zanero <stefano.zanero@...e.org>
Cc: BugTraq <BUGTRAQ@...URITYFOCUS.COM>
Subject: Re: Windows Update: A single point of failure for the world's	economy?


Stefano:

I rebuilt my Windows 2000 system from scratch this spring because of an
update.  I can't remember the patch number anymore, but I remember that
it was a critical security update.  I also remember reading about it the
day after it happened to me.  Supposedly it was related to another patch
that had been previously applied and it only happened to W2K Pro.  The
symptom was that the machine blue-screened during startup.  Safe Mode
didn't help.

Now I don't let Windows Update touch my machine until the patch has been
there for about 2 weeks and I haven't heard anything bad about it.   

On Sun, 2003-08-31 at 15:01, Stefano Zanero wrote:
> >  I know of no patch which caused all systems to shutdown, or refuse to
> reboot.
> 
> Ahem, Russ, this is something of a bold claim, unless you stress the ALL :)
> There have been some deeply troubling patches in the past, I hope you're not
> trying to dismiss that.
> 
> And about mis-signatures, may I remind you of the fact that a Microsoft
> certificate was wrongly released and signed by Verisign a number of months
> ago ?
> 
> Enabling a world-wide auto-update feature does indeed seem much of a
> security risk to me.
> 
> Regards,
> Stefano
> 
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ