From: hescominsoon at adelphia.net (William Warren)
Subject: Windows Update: A single point of failure for
 the world's economy?

Considering MS's record on issuing patches that cause more 
problems..this is indeed a worrisome trend..it also gives MS carte 
blanche to keep creating such buggy code to begin with.

Richard M. Smith wrote:

> Hi,
> 
> The Washington Post has an article in today's paper saying that
> Microsoft is mulling over making the Auto-Update feature of Windows XP
> be turned on by default.  The article can be found here:
> 
>    Microsoft Weighs Automatic Security Updates as a Default 
>    http://www.washingtonpost.com/ac2/wp-dyn/A11579-2003Aug18
> 
> This move by Microsoft sounds pretty scary to me.  I am willing to bet
> that if Microsoft proceeds with these plans, the Windows Update Web site
> could easily distribute and install new software on hundreds of millions
> of Windows computers in a day or two.  
> 
> The risk here is that the system could be exploited by a disgruntled
> Microsoft employee and become the ultimate malware distribution system.
> It seems to me that Microsoft is in the process of creating a single
> point of failure for the world's economy.
> 
> I am wondering what sort of security and accounting systems that
> Microsoft has in place to prevent an insider attack on the Windows
> Update Web site?
> 
> As one data point, yesterday I updated my wife's Windows Me laptop at
> the Windows Update site to repair the DCOM security hole.  One of the 20
> patch files I downloaded was something for DirectX.  This patch file
> caused the laptop to blue screen of death in some VxD near the end of
> the Windows boot process.  Luckily for me, the system seemed to repair
> itself after the 4th reboot.  I really didn't relish the idea of
> explaining to my wife how I broke her laptop.
> 
> Richard M. Smith
> http://www.ComputerBytesMan.com
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

-- 
May God Bless you and everything you touch.

My "foundation" verse:
Isaiah 54:17 No weapon that is formed against thee shall prosper; and 
every tongue that shall rise against thee in judgment thou shalt 
condemn. This is the heritage of the servants of the LORD, and their 
righteousness is of me, saith the LORD.


