Bugtraq: Re: Distributing Patches in Email (was: RE: EZ Shopper 3.0 shopping cart CGI remote command execution)


From: der Mouse <mouse_at_RODENTS.MONTREAL.QC.CA>
Date: Fri, 3 Mar 2000 19:45:22 -0500

> As someone who works for a vendor that does distribute product
> updates via email, I feel that I need to respond. An exception to the
> rule Marc mentions should be non-executable, strongly signed updates.

Not good enough - it's too easy for someone to save an old update, then
much later, after bugs are known in it, forge mail from you including
the "update", thereby reintroducing known bugs into the customer's
system.

                                        der Mouse

                               mouse_at_rodents.montreal.qc.ca
                     7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Received on Mar 06 2000
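
The replay described in this message, seen from the receiving side, as an added example that is not part of the original post or of any vendor's code: a validly signed old update is refused because the installer remembers the highest version it has applied. Assumptions: HMAC-SHA256 with a constructed key stands in for the vendor's public-key signature, and `sign_update`, `signature_ok` and `Installer` are hypothetical names.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 with a constructed key stands in for the vendor's
# public-key signature so the example runs on the standard library alone.
VENDOR_KEY = b"constructed-demo-key"


def sign_update(version: int, payload: bytes) -> dict:
    """Vendor side: bind the version number and payload hash under one signature."""
    meta = {"version": version, "sha256": hashlib.sha256(payload).hexdigest()}
    body = json.dumps(meta, sort_keys=True).encode()
    sig = hmac.new(VENDOR_KEY, body, hashlib.sha256).hexdigest()
    return {"meta": meta, "sig": sig, "payload": payload}


def signature_ok(update: dict) -> bool:
    """True when the signed metadata is authentic and matches the payload."""
    body = json.dumps(update["meta"], sort_keys=True).encode()
    expected = hmac.new(VENDOR_KEY, body, hashlib.sha256).hexdigest()
    payload_hash = hashlib.sha256(update["payload"]).hexdigest()
    return (hmac.compare_digest(expected, update["sig"])
            and hmac.compare_digest(payload_hash, update["meta"]["sha256"]))


class Installer:
    """Customer side: remembers the highest version installed so far."""

    def __init__(self, installed_version: int = 0):
        self.installed_version = installed_version

    def apply(self, update: dict) -> str:
        if not signature_ok(update):
            return "rejected: bad signature"
        # The signature alone says who made the update, not that it is current.
        if update["meta"]["version"] <= self.installed_version:
            return "rejected: not newer than installed version"
        self.installed_version = update["meta"]["version"]
        return "installed"


def demo() -> list:
    old = sign_update(1, b"release 1 (later found buggy)")  # constructed sample
    new = sign_update(2, b"release 2 (fixes release 1)")    # constructed sample
    box = Installer()
    return [box.apply(old), box.apply(new), signature_ok(old), box.apply(old)]


if __name__ == "__main__":
    print(demo())
```

The check depends on the installer's recorded version surviving across runs; a system with no record of what it has installed would still accept release 1.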
