Full Disclosure mailing list archives

Re: Microsoft to give holes info to Uncle Sam first


From: Feher Tamas <etomcat () freemail hu>
Date: Sat, 12 Mar 2005 16:29:54 +0100 (CET)

Hello,

I already got an e-mail asking why I am a tinfoil-hat
conspiracist and what is the problem with Microsoft giving
fixes to US gov't in advance?

If Microsoft gives fixes info to Uncle Sam first, it gives
USA the exploits first.

I mean you just unpack the hotfix installer first to see
what files got changed and then you compare the new and old
files' code to see what routines were changed. With diligent
effort you can find out why code had to be modified and then
reverse engineer or brute force an exploit. Virus writers do
this almost always.

Considering the vast resources available to US federal govt,
they would have a working exploit in a day, even if MS only
gave them the hotfixes in binary format. They could use the
more serious exploits to illegally access people's computers
in America and abroad (Muslims, environmentalists, German
and French people, etc.) and blame it on ordinary
underground hackers if discovered.

If you find a bug and tell MS about it and agree to keep
your mouth shut until the security fixes become public, then
now you essentially give DoD and DoHS 29 days to do whatever
they want and no judge will know if John Doe's PC ever gets
tapped. Maybe it's not even punishable if a commercial
entity (M$) voluntarily gave them the fixes, which became
the source of the exploit.

I think IT people should write "security () microsoft com" en
masse and tell Redmond this is an unacceptable practice.

Elsewhere in the news: as for the Windows rootkit finders I
wrote about yesterday, they do seem to work. At least one
new (yet unknown) rootkit has been found using them. The
problem is these tools are heuristic in nature and the user
often thinks: whoaa that many alerts, must be a false alarm!
Well it was not, it was a cracked game distributor
mechanism. If there is an alarm, do submit the files to your
AV vendor's sample e-mail to find out exactly what's wrong.

Regards: Tamas Feher
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/

