[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <9E97F0997FB84D42B221B9FB203EFA27020235C1@dc1ms2.msad.brookshires.net>
Date: Wed Jan 4 19:56:55 2006
From: toddtowles at brookshires.com (Todd Towles)
Subject: Unofficial Microsoft patches help hackers,
not security
The experts are just that..experts. How is releasing a patch that cuts
out a vulnerable function in a DLL going to help attackers?
Example??
Releasing patches helps hackers when exploits don't already exist...but
in this case, they do already exist. A patch (even from Microsoft) isn't
going to give hackers/attackers anymore information then they currently
have and are using.
Attackers RCE microsoft patches all the time, to find the vulnerable
function and to create exploits. This is true, but in this case..it
isn't needed.
________________________________
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Joe
Average
Sent: Wednesday, January 04, 2006 12:33 PM
To: full-disclosure@...ts.grok.org.uk
Subject: [Full-disclosure] Unofficial Microsoft patches help
hackers, not security
It has been said on C|NET/SecurityFocus and other places that
"experts" are telling people to use unofficial patches, and to make
things worse the "experts" are releasing patches. You've got to wonder
who these "experts" are. By releasing unofficial patches, all you're
doing is aiding the hackers, it doesn't help the situation one little
bit for the overall picture of protecting Microsoft consumers. The
majority of consumers aren't getting your unofficial patches, but you
can be sure the hackers are using them, and using them to their
advantage. If these unofficial patches weren't being released and
experts weren't telling people to use them, I wouldn't be calling for
Microsoft to bring forward the release date for the patch before the end
of the week. It's the "experts" here who have now made the situation ten
times worse, by giving their very bad advice and releasing their own
unofficial patches.
Well done the experts,
You deserve the title after all
More some more:
http://n3td3v.blogspot.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060104/03a92cb6/attachment.html
Powered by blists - more mailing lists