Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Distributing Patches in Email (was: RE: EZ Shopper 3.0 shopping cart CGI remote command execution)
From: mouse () RODENTS MONTREAL QC CA (der Mouse)
Date: Fri, 3 Mar 2000 19:45:22 -0500


As someone who works for a vendor that does distribute product
updates via email, I feel that I need to respond.  An exception the
rule Marc mentions should be non-executable, strongly signed updates.

Not good enough - it's too easy for someone to save an old update, then
much later, after bugs are known in it, forge mail from you including
the "update", thereby reintroducing known bugs into the customer's
system.

                                        der Mouse

                               mouse () rodents montreal qc ca
                     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B


  By Date           By Thread  

Current thread:
  • Re: Distributing Patches in Email (was: RE: EZ Shopper 3.0 shopping cart CGI remote command execution) der Mouse (Mar 04)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault