Full Disclosure mailing list archives

Re: InfoSec sleuths beware ...


From: Byron Copeland <nodialtone () comcast net>
Date: 18 Feb 2004 23:10:36 -0500

Mad,

OK, you have a good point there, but it's only a fraction of the code
anyway.  If they really wanted it audited, by releasing it on purpose as
you and others have alluded, then why not release the entire
distribution?

Here, I have released some of my distribution and like I have said, you
find something wrong, you fix it! Or, re-write it.

http://home.comcast.net/~nodialtone


On Wed, 2004-02-18 at 21:39, madsaxon wrote:
At 01:45 PM 2/18/2004 -0800, you wrote:

Did I miss the thread or has no one yet postulated that the Microsoft
source code subset was leaked intentionally in order to afford M$ the
free services of hundreds or thousands of security researchers auditing
their code for them?

You missed the thread:

From: Exibar  exibar () thelair com
Sun, 15 Feb 2004 12:39:25 -0500
Subject: Microsoft source code "leak"

Anyone ever think that perhaps Microsoft "leaked" this section of code on
purpose?  Right now there are 1,000's of hacker types and curious types
poring over that code looking for flaws.  Sounds like there was already a
flaw found using a signed integer as an offset, I've also heard that there
is an exploited version of Notepad floating around now too...

   Microsoft can't pay to have this kind of QA done in house (who could?), 
so why not release a piece of source and let everyone do it for them?

   Could be that it's a clever way to distract from the ASN.1 flaw that was
found too... release a bit of code that is meaningless and the exploit
writers will be too busy looking through that code to write a huge exploit
for ASN.1?

   Ok, sounds like a conspiracy theory, doesn't it?  And it probably isn't
true, but stranger things have happened :-)

  Exibar




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
