Dailydave mailing list archives

Re: Tectonic Shifts

From: Blue Boar <BlueBoar () thievco com>
Date: Wed, 10 Dec 2003 10:01:12 -0800

Stefan Wagner wrote:

On Wed, Dec 10, 2003 at 10:36:38AM -0500, Dave Aitel wrote:
computer, I have to assume that Windows Update has been owned at least
once.
At least once by 'Code Red':
http://www.attrition.org/mirror/attrition/2001/07/19/windowsupdate.microsoft.com/
I don't know if M$ started applying their own patches or not since then, doubtbeeing owned by a worm says anything about security :>

Right, it got wormed. But, does owning Windowsupdate do you any goodwithout the signing key? Sure, I imagine there are some significant numberof people who will click whatever for the unsigned code, but then you couldbe windowsupdate with some DNS games.


                                                BB

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

Current thread:

[Fwd: Re: 0x43434343 - talking of money...] Daniele Muscetta (Nov 24)
- Re: Re: 0x43434343 - talking of money...] Nexus (Nov 24)
- Re: [Fwd: Re: 0x43434343 - talking of money...] David Maynor (Nov 24)
- <Possible follow-ups>
- Re: [Fwd: Re: 0x43434343 - talking of money...] arlen (Nov 25)