| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <78744869705CEF41A32C103C5C04F2200163A896@phxexc1.dswa.net> Date: Wed Jan 4 19:00:09 2006 From: ccarpenter at dswa.net (Christopher Carpenter) Subject: Unofficial Microsoft patches help hackers, not security ________________________________ From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Joe Average Sent: Wednesday, January 04, 2006 11:50 AM To: Niek; full-disclosure@...ts.grok.org.uk Subject: Re: [Full-disclosure] Unofficial Microsoft patches help hackers,not security >From my blog: ""[Unofficial patches are available, as is a leaked official patch] [Unofficial patches are merely used by hackers as a tool to patch machines they've compromised, to stop other hackers hacking the same machine, although the machine is still accessable to the hacker.] [The consumer goes along to Windows Update on Tuesday and doesn't think they need a patch, because Microsoft tells them its not needed. Little does the consumer know their machine was patched by a hacker, who now has control over their computer network.]"" It means the unofficial patch is as harmful as the vulnerability and exploit code its self. ------------snip------------------ While this might be the case with binary-only patches, the patch released by Ilfak Guilfanov comes with the source. Review it and compile it yourself if you are concerned. Chris -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060104/32afc0cc/attachment.html
Powered by blists - more mailing lists