From: lists2 at onryou.com (Cael Abal)
Subject: While we're on the subject of Microsoft and their patches...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I was reading the details of the 820291 Recommended Update (which is,
oddly enough, a 1.0 MB patch implementing an additional Start Menu icon
and associated help files) here:

http://support.microsoft.com/?kbid=820291

When I noticed the following blurb which seems to be attached to all MS
patches, but I'd never bothered to read:

- ---snip---

Microsoft scanned this file for viruses. Microsoft used the most current
virus-detection software that was available on the date that the file
was posted. The file is stored on security-enhanced servers that help to
prevent any unauthorized changes to the file. The English version of
this fix has the file attributes (or later) that are listed in the
following table. The dates and times for these files are listed in
coordinated universal time (UTC). When you view the file information, it
is converted to local time. To find the difference between UTC and local
time, use the Time Zone tab in the Date and Time tool in Control Panel.

Date         Time   Version            Size    File name
- -----------------------------------------------------------
29-May-2003  15:47  5.1.2600.1228     579,584  Appwiz.cpl
12-May-2003  01:12  6.0.2800.1221     996,352  Explorer.exe
12-May-2003  01:13  5.1.2600.1221      33,792  Shmgrate.exe
01-May-2003  21:37                     20,223  Spad.chm

- ---snip---

This is pretty silly -- they go out of their way to assure us their
patches don't appear to contain viruses and that they are kept on
'security-enhanced servers that help to prevent any unauthorized
changes', even going so far as to give us date stamps, file sizes, and
version numbers...  But no md5 or sha-1 sums?  If memory serves me
right, even the Jerusalem virus preserved date stamps.

Welcome to the '80s!

Cael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)

iD8DBQFAgJQOR2vQ2HfQHfsRAhyiAKDH616rJ8Y6yA2OlDWaGbI3djcqGACfaDop
j1zpt4y8U5+i0qgnWYys/nI=
=EbvE
-----END PGP SIGNATURE-----
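
The point the post makes, as an added example that is not part of the original message: a check against the published size and date stamp still passes for a file whose content has changed, while a digest comparison fails. The sample file, manifest layout and function names are constructed for illustration, version resources are not modelled, and SHA-256 is used in place of the md5/sha-1 sums the post mentions.

```python
import hashlib
import os
import tempfile

def attributes(path):
    """Size and modification time: the kind of attributes the KB table lists."""
    st = os.stat(path)
    return st.st_size, st.st_mtime_ns

def digest(path, algo="sha256"):
    """Stream the file through a cryptographic hash and return the hex digest."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(path, manifest):
    """Compare a local file against one (hypothetical) manifest entry, check by check."""
    size, mtime = attributes(path)
    return {
        "size": size == manifest["size"],
        "mtime": mtime == manifest["mtime_ns"],
        "digest": digest(path) == manifest["sha256"],
    }

def demo():
    """Build a constructed sample file, publish its manifest, then change one byte."""
    stamp = 1_054_223_220 * 10**9  # constructed whole-second timestamp, in ns
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.bin")  # stand-in file, not a real patch
        with open(path, "wb") as f:
            f.write(b"original patch contents " * 64)
        os.utime(path, ns=(stamp, stamp))
        size, mtime = attributes(path)
        manifest = {"size": size, "mtime_ns": mtime, "sha256": digest(path)}
        before = verify(path, manifest)
        # Same-length content change, with the date stamp put back afterwards.
        with open(path, "r+b") as f:
            f.write(b"X")
        os.utime(path, ns=(mtime, mtime))
        after = verify(path, manifest)
    return before, after

if __name__ == "__main__":
    for label, result in zip(("as published", "after change"), demo()):
        print(label, result)
```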

