Message-ID: <451448BF.8010301@kennedyinfo.com>
Date: Fri, 22 Sep 2006 16:34:07 -0400
From: Troy Cregger <tcregger@...nedyinfo.com>
To: "Dave \"No, not that one\" Korn" <davek_throwaway@...mail.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Windows Automatic Updates WTF?
Linux is the answer.
But, if you're in a situation (and probably are) that forces you to use
Micro$loth Winblow$ for some reason then you may have some well founded
WTFs there.
Dave "No, not that one" Korn wrote:
> Is anyone else seeing this?
>
> I just noticed the 'updates waiting to be installed' shield icon in my
> systray. Popped it up, chose manual install to see what M$ was trying to
> shove down my throat this time. It was offering me the "Mydoom, Zindos, and
> Doomjuice Worm Removal Tool" (KB836528). The text reads:-
>
> " Size: 119 KB
>
> This tool helps remove the Mydoom.A, Mydoom.B, Mydoom.E, Mydoom.F, Mydoom.J,
> Mydoom.L, Mydoom.O, Zindos.A, Doomjuice.A, and Doomjuice.B worms from
> infected systems. The appearance of this update means that your machine is
> likely infected with one or more of these worms. For more information on
> protecting your PC, visit the Microsoft Protect Your PC Web site at
> www.microsoft.com/protect.
>
> More information for this update can be found at
> http://support.microsoft.com/default.aspx?kbid=836528 "
>
> So, WTF#1 is: what the hell makes them think my utterly clean machine could
> possibly be infected? What kind of pseudo "detection" technique are they
> using?
>
> And on going to check the KB article, what do I see?
>
> " Article ID : 836528
>
> Last Review : March 8, 2005
>
> This tool is no longer available. It has been replaced by the Microsoft
> Windows Malicious Software Removal Tool."
>
> So WTF#2 is: why the hell are they trying to push obsolete old garbage on me?
>
> I'm going to leave my workstation unplugged over the weekend, in case this
> is some kind of DRM or WGA update being forced on us under false pretences,
> and in case they decide to use their "Sod-what-settings-the-user-chose,
> make-them-install-the-update-and-forcibly-reboot-their-machine-losing-any-unsaved-work-in-the-progress"
> remote control feature again.
>
> cheers,
> DaveK
- --
Troy Cregger
Lead Developer, Technical Products.
Kennedy Information, Inc
One Phoenix Mill Ln, Fl 3
Peterborough, NH 03458
(603)924-0900 ext 662