Full Disclosure mailing list archives
Re: RE: W2K source "leaked"?
From: Valdis.Kletnieks () vt edu
Date: Fri, 13 Feb 2004 22:22:28 -0500
On Fri, 13 Feb 2004 20:22:32 CST, Paul Schmehl <pauls () utdallas edu> said:
I suspect that flaws will probably be found. After all, they already have been found without the source. It's only logical that with the source in hand more flaws will be found.
And at a vastly increased rate. We have to assume at this point that every serious black hat now has a copy of at least 660M of MS source. And while holes can be found by disassembly and reverse engineering, it goes a LOT faster with the source. What was a string of 12 LOAD and STORE opcodes with 2 ADDS thrown in and then a CALL suddenly becomes: "Holy <insert Elder God here>. They never called strlen()"....
Attachment:
_bin
Description:
Current thread:
- Re: RE: W2K source "leaked"?, (continued)
- Re: RE: W2K source "leaked"? Sebastian Dietz (Feb 13)
- RE: Re: W2K source "leaked"? Otero, Hernan (EDS) (Feb 13)
- RE: RE: W2K source "leaked"? John . Airey (Feb 13)
- RE: RE: W2K source "leaked"? Nick Jacobsen (Feb 13)
- Re: W2K source "leaked"? SMORRIS (Feb 13)
- RE: W2K source "leaked"? Drew Copley (Feb 13)
- RE: RE: W2K source "leaked"? Schmehl, Paul L (Feb 13)
- RE: RE: W2K source "leaked"? Tobias Weisserth (Feb 13)
- Re: RE: W2K source "leaked"? Valdis . Kletnieks (Feb 13)
- RE: RE: W2K source "leaked"? Paul Schmehl (Feb 13)
- Re: RE: W2K source "leaked"? Valdis . Kletnieks (Feb 13)
- RE: RE: W2K source "leaked"? Tobias Weisserth (Feb 13)
- RE: Re: W2K source "leaked"? Drew Copley (Feb 13)
- RE: Re: W2K source "leaked"? Nick FitzGerald (Feb 14)
- RE: W2K source "leaked"? Joe Quigley (Feb 13)
- Re: RE: W2K source "leaked"? Ake Nordin (Feb 13)
- RE: RE: W2K source "leaked"? Drew Copley (Feb 13)
- Re: W2K source "leaked"? somenym81 (Feb 16)