Open Source and information security mailing list archives
 
Message-ID: <20040110044404.GA473@sentinelchicken.org>
From: tim-security at sentinelchicken.org (Tim)
Subject: 3 new MS patches next week... but none fix

> Time for me to get on my soapbox too.
> 
> What are the three patches, what's your source of information, and do they
> fix things readers of this list need to know about?
> 
> Less gossip, more information, please.

Sorry if you consider this to be more gossip.  I know nothing of these 3
patches being released, but I thought this bit of background might be
illuminating: 

A certain very large vendor has been trying to court my company, and
during small talk over lunch, we mentioned we were very busy with the M$
patch batch of the month.  In a little mum's-the-word response, the
vendor representative implied that they could make that problem 
"go away" with something they called "virtual patches", which he was
quite smug about.  I was very confused at first, as he didn't appear to
be trying to sell a specific product, but when I ran the conversation
back through my mind, I realized that M$ must be giving pre-release
information to major vendors.  Probably for a hefty price tag.

This is sickening to me.  M$ likely is making money off of their own
liability.  This is very similar to the bullshit trick the ISC has been
pulling with BIND.

In any case, this may be the source of the leaks.  Not that this 3rd or
4th hand information should be trusted, but it might explain the source.

cheers,
tim

