| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.64.0601041439250.12125@localhost.localdomain> Date: Wed Jan 4 19:40:55 2006 From: gboyce at badbelly.com (gboyce) Subject: Unofficial Microsoft patches help hackers, not security On Wed, 4 Jan 2006, Joe Average wrote: >> From my blog: > > ""[Unofficial patches are available, as is a leaked official patch] > [Unofficial patches are merely used by hackers as a tool to patch machines > they've compromised, to stop other hackers hacking the same machine, > although the machine is still accessable to the hacker.] [The consumer goes > along to Windows Update on Tuesday and doesn't think they need a patch, > because Microsoft tells them its not needed. Little does the consumer know > their machine was patched by a hacker, who now has control over their > computer network.]"" > > It means the unofficial patch is as harmful as the vulnerability and exploit > code its self. Situation 1) Hacker exploits system Hacker installs rootkit Hacker patches vulnerability User checks for updates, and sees no vulnerabilities needing patches Situation 2) Hacker exploits system Hacker installs rootkit User checks for updates, and sees patch to WMF vulnerbility, and installs Your comment seems to indicate that #2 here is somehow safer than #1, but I don't really see how. At the end of the day you're still patched, and you're still already owned. Detecting the exploit and rootkit are still going to have to happen outside of the patching process. Or am I missing something? -- Greg
Powered by blists - more mailing lists