lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <NMEAJDJMDLJLOIOCIKJJGEHMEPAA.exibar@thelair.com>
From: exibar at thelair.com (Exibar)
Subject: Microsoft source code "leak"

Anyone ever think that perhaps Microsoft "leaked" this section of code on
purpose?  Right now there are 1,000's of hacker types and curious types
pouring over that code looking for flaws.  Sounds like there was already a
flaw found using a signed integer as an offset, I've also heard that there
is an exploited version of Notepad floating around now too...

  Microsoft can't pay to have this kind of QA done in house (who could?), so
why not release a piece of source and let everyone do it for them?

  Could be that it's a clever way to distract from the ASN.1 flaw that was
found too... release a bit of code that is meaningless and the exploit
writers will be too busy looking through that code to write a huge exploit
for ASN.1?

  Ok, sounds like a conspiracy theroys doesn't it?  And it probably isn't
true, but stranger things have happened :-)

 Exibar


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ