| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 03 Sep 2003 08:16:55 -0400 From: Lawrence MacIntyre <lpz@...l.gov> To: Stefano Zanero <stefano.zanero@...e.org> Cc: BugTraq <BUGTRAQ@...URITYFOCUS.COM> Subject: Re: Windows Update: A single point of failure for the world's economy? Stefano: I rebuilt my Windows 2000 system from scratch this spring because of an update. I can't remember the patch number anymore, but I remember that it was a critical security update. I also remember reading about it the day after it happened to me. Supposedly it was related to another patch that had been previously applied and it only happened to W2K Pro. The symptom was that the machine blue-screened during startup. Safe Mode didn't help. Now I don't let Windows Update touch my machine until the patch has been there for about 2 weeks and I haven't heard anything bad about it. On Sun, 2003-08-31 at 15:01, Stefano Zanero wrote: > > I know of no patch which caused all systems to shutdown, or refuse to > reboot. > > Ahem, Russ, this is something of a bold claim, unless you stress the ALL :) > There have been some deeply troubling patches in the past, I hope you're not > trying to dismiss that. > > And about mis-signatures, may I remind you of the fact that a Microsoft > certificate was wrongly released and signed by Verisign a number of months > ago ? > > Enabling a world-wide auto-update feature does indeed seem much of a > security risk to me. > > Regards, > Stefano > >
Powered by blists - more mailing lists