lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 30 Oct 2006 12:48:13 +1300
From: Nick FitzGerald <nick@...us-l.demon.co.uk>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: MS are doing Windows Updates for XP to IE7

Valdis.Kletnieks@...edu to Charles Hamby:

> > It seems to me that all you need to do is set Automatic Updates to tell you
> > when new patches are ready and then tell it to ignore IE7 if you don't want it.
> 
> Well, yes, if you are (a) clued and (b) know it's coming. If you've got it
> set to download-and-install at 3AM every Wednesday morning, you may be in for
> a surprise....

If you're _NOT_ clued enough to know better then you "deserve" the 
automatic, silent IE 7 "upgrade".

MS got this right.  True, it took about six years of nearly everyone 
with any clue outside MS beating the snot out of MS each time there was 
a massive "whoopsie" due to the fact they did not have something like 
this capabaility, or did but it was not the configured default, but 
eventually even MS came to see that it should not be responsible for 
allowing those too stupid to not know any better to keep shooting off 
both their feet each time there was an ItW exploit for an "old" Windows 
remote arbitrary code exploit.

_AND_, the world has been a better (still far from perfect, but better) 
place since SP2 started to roll-out and change default WU configs to 
the then-new default of "auto-download and install".

If you're too stupid to know to change it, it is precisely the kind of 
thing you need _and_ the rest of the world should be thankful for.


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ