
Re: [Full-Disclosure] InfoSec sleuths beware ...



Mad,

OK, you have a good point there, but it's only a fraction of the code
anyway.  If they really wanted it audited, by releasing it on purpose as
you and others have alluded, then why not release the entire
distribution?

Here, I have released some of my distribution and like I have said, you
find something wrong, you fix it! Or, re-write it.

http://home.comcast.net/~nodialtone


On Wed, 2004-02-18 at 21:39, madsaxon wrote:
> At 01:45 PM 2/18/2004 -0800, you wrote:
> 
> >Did I miss the thread or has no one yet postulated that the Microsoft
> >source code subset was leaked intentionally in order to afford M$ the
> >free services of hundreds or thousands of security researchers auditing
> >their code for them?
> 
> You missed the thread:
> 
> From: Exibar  exibar@thelair.com
> Sun, 15 Feb 2004 12:39:25 -0500
> Subject: Microsoft source code "leak"
> 
> Anyone ever think that perhaps Microsoft "leaked" this section of code on
> purpose?  Right now there are 1,000's of hacker types and curious types
> poring over that code looking for flaws.  Sounds like there was already a
> flaw found using a signed integer as an offset, I've also heard that there
> is an exploited version of Notepad floating around now too...
> 
>    Microsoft can't pay to have this kind of QA done in house (who could?), 
> so why not release a piece of source and let everyone do it for them?
> 
>    Could be that it's a clever way to distract from the ASN.1 flaw that was
> found too... release a bit of code that is meaningless and the exploit
> writers will be too busy looking through that code to write a huge exploit
> for ASN.1?
> 
>    Ok, sounds like a conspiracy theory, doesn't it?  And it probably isn't
> true, but stranger things have happened :-)
> 
>   Exibar
> 
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
