Full Disclosure mailing list archives

Re: Microsoft issues out-of-band patch

From: "James Rankin" <kz20fl () googlemail com>
Date: Fri, 19 Dec 2008 14:55:05 +0000

"MI5 have their systems patched against
flaws that are not known about by other entities"

Yeah, of course they do. because writing your own patches will definitely
make sure that your enterprise is properly supported and secured, and all
your mission-critical apps will continue to function. I remember someone
writing their own patch for an exploitable vulnerability a few years ago and
MS were quick to warn everyone thinking of using it that it would invalidate
their support agreements. Of course I am sure MI5 have their own versions of
their core operating systems, a support staff that can rewrite the entire NT
kernel, and aren't just part of the UK government's hugely-outsourced IT
function.

Incidentally save your flames, I was doing my Friday spam clearout when I
saw this.

Cheers,

JJ

2008/12/19 n3td3v <xploitable () gmail com>

"The software giant rushed out a fix for the security issue in eight
days, following its discovery that online criminals were using the
flaw to attack Internet users."

http://www.securityfocus.com/brief/873

This is because they usually hold back disclosure and patch release so
the intelligence services can backdoor criminal and terrorist pc's.

We're not saying Microsoft has never been capable to release a patch
in eight days, we're saying there is an agreement with the government
not to, unless a flaw is publicly known and is affecting the
internet-at-large.

There are a ton of zero-day that Microsoft and the government know
about and are used for intelligence purposes, they are kept secret
unless the public know about it and the zero-day becomes a threat to
the government.

Though the fact is this, MI5 have zero-day that not even Microsoft
know about and not only this, MI5 have their systems patched against
flaws that are not known about by other entities.

What i'm saying is this: MI5's systems are patched against flaws that
only they know about and their technicians have developed their own
in-house patches for them.

If that isn't impressive I don't know what is.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Microsoft issues out-of-band patch n3td3v (Dec 19)
- Re: Microsoft issues out-of-band patch James Rankin (Dec 19)
  - Re: Microsoft issues out-of-band patch n3td3v (Dec 19)
    - Re: Microsoft issues out-of-band patch Bipin Gautam (Dec 19)
    - Re: Microsoft issues out-of-band patch Some Guy Posting To Full Disclosure (Dec 19)
    - Re: Microsoft issues out-of-band patch n3td3v (Dec 19)
    - Re: Microsoft issues out-of-band patch Ureleet (Dec 21)
    - Re: Microsoft issues out-of-band patch Valdis . Kletnieks (Dec 22)
- Re: Microsoft issues out-of-band patch Ureleet (Dec 19)
- Re: Microsoft issues out-of-band patch Nick FitzGerald (Dec 21)
  - Re: Microsoft issues out-of-band patch n3td3v (Dec 21)
    - Re: Microsoft issues out-of-band patch kevin . fielder (Dec 21)

(Thread continues...)