[9502] in bugtraq
Re: ISS Internet Scanner Cannot be relied upon for conclusive
daemon@ATHENA.MIT.EDU (Jim Trocki)
Fri Feb 12 12:50:59 1999
Date: Thu, 11 Feb 1999 10:46:40 -0800
Reply-To: Jim Trocki <trockij@TRANSMETA.COM>
From: Jim Trocki <trockij@TRANSMETA.COM>
X-To: David LeBlanc <dleblanc@MINDSPRING.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <3.0.3.32.19990209113807.00cc2940@mail.mindspring.com>
On Tue, 9 Feb 1999, David LeBlanc wrote:
> >How does ISS handle the NT example referenced above??
>
> We get that one right. All the NT patch checks are based on file
> timestamps, not service pack numbers. We have seperate checks for just
> service pack numbers, since you need less access to get the SP level than
> to get timestamps on system files.
C'mon. Haven't you learned to use digital signatures (like MD5) instead
of timestamps to identify files? A timestamp is a bunch of crap, and
it has no relation at all to the contents of the file. You could easily
build a database of MD5 hashes of the different DLLs which are included
in each different service pack, and use that to identify SP levels.
Jim Trocki <trockij@transmeta.com>
Computer System and Network Engineer
Transmeta Corporation
Santa Clara, CA
