Bugtraq mailing list archives
Re: ISS Internet Scanner Cannot be relied upon for conclusive
From: francis.favorini () DUKE EDU (Francis Favorini)
Date: Fri, 12 Feb 1999 15:45:06 -0500
David LeBlanc [mailto:dleblanc () mindspring com] wrote...
At 07:37 PM 2/10/99 +1100, Darren Reed wrote:In some mail from David LeBlanc, sie said:We check file dates when checking for NT patches, and would catch
your
example.I don't see how that can be considered "adequate".Because it is going to be accurate on 99+% of NT systems. The file timestamps are all the same when you install a hotfix.
What about daylight savings, which can change the time of a file by one hour, which in turn can bump it to a new date? What about patches that don't change file dates or sizes? (Like some of the recent Office 97 ones.) -Francis
Current thread:
- remote fakebo shell exploit, (continued)
- remote fakebo shell exploit Groovy Pants Gus (Feb 11)
- AW: Security Bug in Bintec Router Firmware (CLID) Thomas Schmidt (Feb 11)
- Re: Security Bug in Bintec Router Firmware (CLID) Pascal Gienger (Feb 11)
- Seeking Policy Data Loftin C. Woodiel (Feb 11)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive David LeBlanc (Feb 09)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive der Mouse (Feb 10)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Ulf Munkedal (Feb 10)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Brian Koref (Feb 11)
- Buffer overflow in Serve-U Ryan Sweat (Feb 11)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Phil Waterbury (Feb 11)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Francis Favorini (Feb 12)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Steven M. Christey (Feb 12)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Daniele Orlandi (Feb 13)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Shaun Lowry (Feb 15)