lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <0H2P00JHZCZUC3@smtp1.clear.net.nz>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Re: MS-02-052

> Does anybody else find it disturbing that today's JVM patch can only
> be installed through Windows Update, ...

Yes.

And, as a more general point, it is most frustrating for those who 
have to admin (or oversee the admin of) Losedows boxes but who have 
the option themselves of either not running the MS bug-fest known as 
Internet Explorer and/or don't run Losedows themselves that MS takes 
this and similar Losedows-centric approaches to patch availability.

It seems that part of "Trustworthy Computing" is that what makes 
sense and is useful to those who actually try to practice it in 
their day to day endeavours is not taken into account.  MS should 
make full "network install" kits for all downloadable upgrades, 
service packs, etc and should make them readily available from an 
easily accessible location and make them obtainable with any 
minimally functional "browser" (even wget).  Failure to do this (or, 
at least to make the locations of such things damned hard to find 
when they available) shows just how much MS really cares for your 
security -- it seems MS cares enough about it that MS would rather 
save some of its plentitude of dimes by reducing their bandwidth 
charges...

> ... and the Windows Update site now
> attempts to install an unsigned control
> (http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.cab)
> after informing the user to "click Yes on any Security Warnings that
> pop up"?

8-)

What can we say?

You _are_ talking about Microsoft...


Regards,

Nick FitzGerald

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ