[31386] in bugtraq
Re: Windows Update: A single point of failure for the world's economy?
daemon@ATHENA.MIT.EDU (Stefano Zanero)
Wed Sep 3 02:05:31 2003
Message-ID: <08bc01c36ff2$5ee1c910$03c8a8c0@vplab.local>
From: "Stefano Zanero" <stefano.zanero@ieee.org>
To: "BugTraq" <BUGTRAQ@securityfocus.com>
Date: Sun, 31 Aug 2003 21:01:49 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
> I know of no patch which caused all systems to shutdown, or refuse to
reboot.
Ahem, Russ, this is something of a bold claim, unless you stress the ALL :)
There have been some deeply troubling patches in the past, I hope you're not
trying to dismiss that.
And about mis-signatures, may I remind you of the fact that a Microsoft
certificate was wrongly released and signed by Verisign a number of months
ago ?
Enabling a world-wide auto-update feature does indeed seem much of a
security risk to me.
Regards,
Stefano
