Full Disclosure mailing list archives
Re: Bill Gates blames the victim
From: Paul Schmehl <pauls () utdallas edu>
Date: Sun, 31 Aug 2003 11:16:32 -0500
--On Sunday, August 31, 2003 12:31:03 -0300 pandora () swi com br wrote:
The only thing we know for certain is that they didn't find them all. That point has been driven home decisively by Blaster and Nachi.
And what about the flaws MS probably found during the code audit and that were never published? I would like to see MS releasing patches/fixes for flaws they found during these audits. Or did they find none?
During the launch of Windows XP, Microsoft announced that they had "eliminated" buffer overflows in Windows XP (using a commercial tool that they had purchased.) One month later eEye announced what I still believe to be the most devastating hole in Windows, the UPnP vulnerability. It hasn't been exploited like RPC DCOM has, but it's an even more serious vulnerability.
How many more are lying around waiting to be exploited? It's obvious that Microsoft doesn't know.
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html