Message-ID: <9E97F0997FB84D42B221B9FB203EFA27020235C1@dc1ms2.msad.brookshires.net>
Date: Wed Jan  4 19:56:55 2006
From: toddtowles at brookshires.com (Todd Towles)
Subject: Unofficial Microsoft patches help hackers, not security

The experts are just that..experts. How is releasing a patch that cuts
out a vulnerable function in a DLL going to help attackers?
 
Example??
 
Releasing patches helps hackers when exploits don't already exist...but
in this case, they do already exist. A patch (even from Microsoft) isn't
going to give hackers/attackers any more information than they currently
have and are using.
 
Attackers RCE Microsoft patches all the time, to find the vulnerable
function and to create exploits. This is true, but in this case..it
isn't needed.
 
 


________________________________

	From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Joe Average
	Sent: Wednesday, January 04, 2006 12:33 PM
	To: full-disclosure@...ts.grok.org.uk
	Subject: [Full-disclosure] Unofficial Microsoft patches help hackers, not security
	
	
	It has been said on C|NET/SecurityFocus and other places that
"experts" are telling people to use unofficial patches, and to make
things worse the "experts" are releasing patches. You've got to wonder
who these "experts" are. By releasing unofficial patches, all you're
doing is aiding the hackers, it doesn't help the situation one little
bit for the overall picture of protecting Microsoft consumers. The
majority of consumers aren't getting your unofficial patches, but you
can be sure the hackers are using them, and using them to their
advantage. If these unofficial patches weren't being released and
experts weren't telling people to use them, I wouldn't be calling for
Microsoft to bring forward the release date for the patch before the end
of the week. It's the "experts" here who have now made the situation ten
times worse, by giving their very bad advice and releasing their own
unofficial patches. 
	 
	Well done the experts,
	 
	You deserve the title after all
	 
	More some more:
	http://n3td3v.blogspot.com
