Message-ID: <200408132227.i7DMRuAh016881@turing-police.cc.vt.edu>
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: SP2 is killing me. Help? 

On Thu, 12 Aug 2004 03:33:18 PDT, Harlan Carvey said:

> Wow!  MS goes about doing what the security folks have
> been harping on for years...providing a modicum of
> security in their operating system...and now it's a
> "crap update"?  Protection against buffer overflows,
> the firewall on by default, etc...what we've been
> asking for and harping on...and you come back with
> "crap updates"?!?

Totally ignoring for the moment whether SP2 is actual crap or not,
consider the following:

It *IS* totally possible for it to include a lot of features it's been needing
for years, and *still* be a crap update due to other bugs.

As a straw-man "for instance" - I think you'd agree that even an SP that
made it *totally* secure would still qualify as a "crap update" if it got a BSOD
every time a USB device was plugged or unplugged....

(Of course, if the "crap" is "my app broke because my vendor was lame and
relied on buggy or insecure techniques closed down by SP2", the proper
thing to do is to flame the lame vendor....)

As an aside, MS had their collective heads in a warm dark orifice when they
listened to Gibson and took out the "raw packet" functionality - I mean, it
isn't like there aren't *other* ways that malware can send out a raw packet.
If anything, they should have put it *in* so malware could use a standard supported
API rather than some bletcherous backdoor method that destabilized the system. ;)