Full Disclosure mailing list archives
Re: Microsoft issues out-of-band patch
From: "James Rankin" <kz20fl () googlemail com>
Date: Fri, 19 Dec 2008 14:55:05 +0000
"MI5 have their systems patched against flaws that are not known about by other entities" Yeah, of course they do. because writing your own patches will definitely make sure that your enterprise is properly supported and secured, and all your mission-critical apps will continue to function. I remember someone writing their own patch for an exploitable vulnerability a few years ago and MS were quick to warn everyone thinking of using it that it would invalidate their support agreements. Of course I am sure MI5 have their own versions of their core operating systems, a support staff that can rewrite the entire NT kernel, and aren't just part of the UK government's hugely-outsourced IT function. Incidentally save your flames, I was doing my Friday spam clearout when I saw this. Cheers, JJ 2008/12/19 n3td3v <xploitable () gmail com>
"The software giant rushed out a fix for the security issue in eight days, following its discovery that online criminals were using the flaw to attack Internet users." http://www.securityfocus.com/brief/873 This is because they usually hold back disclosure and patch release so the intelligence services can backdoor criminal and terrorist pc's. We're not saying Microsoft has never been capable to release a patch in eight days, we're saying there is an agreement with the government not to, unless a flaw is publicly known and is affecting the internet-at-large. There are a ton of zero-day that Microsoft and the government know about and are used for intelligence purposes, they are kept secret unless the public know about it and the zero-day becomes a threat to the government. Though the fact is this, MI5 have zero-day that not even Microsoft know about and not only this, MI5 have their systems patched against flaws that are not known about by other entities. What i'm saying is this: MI5's systems are patched against flaws that only they know about and their technicians have developed their own in-house patches for them. If that isn't impressive I don't know what is. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Microsoft issues out-of-band patch n3td3v (Dec 19)
- Re: Microsoft issues out-of-band patch James Rankin (Dec 19)
- Re: Microsoft issues out-of-band patch n3td3v (Dec 19)
- Re: Microsoft issues out-of-band patch Bipin Gautam (Dec 19)
- Re: Microsoft issues out-of-band patch Some Guy Posting To Full Disclosure (Dec 19)
- Re: Microsoft issues out-of-band patch n3td3v (Dec 19)
- Re: Microsoft issues out-of-band patch Ureleet (Dec 21)
- Re: Microsoft issues out-of-band patch Valdis . Kletnieks (Dec 22)
- Re: Microsoft issues out-of-band patch n3td3v (Dec 19)
- Re: Microsoft issues out-of-band patch James Rankin (Dec 19)
- Re: Microsoft issues out-of-band patch n3td3v (Dec 21)
- Re: Microsoft issues out-of-band patch kevin . fielder (Dec 21)