| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: b.griffin at cqu.edu.au (Brad Griffin) Subject: Trivial Bug in Symantec Security Products -----Original Message----- From: full-disclosure-bounces@...ts.netsys.com [mailto:full-disclosure-bounces@...ts.netsys.com] On Behalf Of Gregh Sent: Tuesday, January 04, 2005 6:33 AM To: Disclosure Full Subject: Re: [Full-Disclosure] Trivial Bug in Symantec Security Products > > Somehow, Symantec engineers have not implemented a mechanism to disallow a > user from installing the patches via changing the date on their computer > back to when the original program was installed and then running the > "Intelligent Updater." **** You think THAT is bad? Up till NIS2005 which I haven't tested so cant say if it does or doesn't, you could install Nortons, run the year and then wipe your machine and reinstall all then install Nortons again and get yet another full year licence without paying a cent, over and over and over. In short, buy once and never pay again. Greg. **** Well, yep. How exactly would you expect to implement a block if the system sees the software as being installed for the first time? I guess you must be thinking along the lines of "shouldn't Symantec place a date check in the installer so that if the software is for example two years old, it will not install period?" However, in the case of OEM software, this could end up being an issue for those who buy old stock items, or are buying end of run OEM systems. Sil's comment relates to something that can be fixed easily with little or no issues for legitimate users. Cheers, Gryph
Powered by blists - more mailing lists