Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: InfoSec sleuths beware ...

From: madsaxon <madsaxon () direcway com>
Date: Wed, 18 Feb 2004 20:39:46 -0600
At 01:45 PM 2/18/2004 -0800, you wrote:


Did I miss the thread or has no one yet postulated that the Microsoft
source code subset was leaked intentionally in order to afford M$ the
free services of hundreds or thousands of security researchers auditing
their code for them?


You missed the thread:

From: Exibar  exibar () thelair com
Sun, 15 Feb 2004 12:39:25 -0500
Subject: Microsoft source code "leak"

Anyone ever think that perhaps Microsoft "leaked" this section of code on
purpose?  Right now there are 1,000's of hacker types and curious types
pouring over that code looking for flaws.  Sounds like there was already a
flaw found using a signed integer as an offset, I've also heard that there
is an exploited version of Notepad floating around now too...
Microsoft can't pay to have this kind of QA done in house (who could?), so why not release a piece of source and let everyone do it for them? 

  Could be that it's a clever way to distract from the ASN.1 flaw that was
found too... release a bit of code that is meaningless and the exploit
writers will be too busy looking through that code to write a huge exploit
for ASN.1?

  Ok, sounds like a conspiracy theroys doesn't it?  And it probably isn't
true, but stranger things have happened :-)

 Exibar




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: