| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: mattmurphy at kc.rr.com (Matthew Murphy) Subject: Windows Dcom Worm planned DDoS "Nick FitzGerald" <nick@...us-l.demon.co.uk> writes: > And, of course, if MS started messing with the DNS entries for > windowsupdate.com, it would be cutting an awful lot of users off from > much needed updates. which could be as disturbing as the rest of the > worm's effects... Well, this could potentially be the case. However, the actual domain used by the WU server is "windowsupdate.microsoft.com". At this point, "windowsupdate.com" is just a redirect for sloppy admins/users. The WU binaries distributed with systems (i.e, Automatic Updating on Windows XP), and the internal Microsoft documentation all point users to "windowsupdate.microsoft.com", so disabling the DNS of "windowsupdate.com" would not prevent updating if the user has the proper reference material at hand. That said, even if Microsoft *did* mess with the DNS, that would result in a flurry of port 53 traffic to perform the resolutions. Also, you still have a potential for a slight negative effect on patch distribution, and patch distribution is a *needed* channel. Of course, if WU gets taken down by the floods, we're back at square one, as WU remains the primary distribution mechanism for patches to home users.
Powered by blists - more mailing lists