2008/11/6 n3td3v <[EMAIL PROTECTED]>: <snip> > i'm not sure this is a good idea as it gives a heads up to hackers. > you may think its not long but its actually 5 days for a hacker to > figure out potentially a vulnerability in said area. maybe we should > have a discussion about the pros and cons of these microsoft heads up > and what the reality of it is for the bad guys to be able to pin point > and start exploiting a flaw in said area in a 5 day time frame. yours > n3td3v.
I don't think any hacker is going to bother spending 5 days looking for a needle in a haystack when he can reverse engineer specific files once the patch is released. I know very little of looking for pointers in DLLs but from what I've seen it looks like a bit of a nightmare. The best way is to "diff" two files - the un-patched and the patched then you see where the changes are. Of course if you had thought about it or done *any* research before you posted you would already have made that point. I am not a white/grey/black/pink hat I'm just an NT Admin type person who monitors this list for Full Disclosure of bugs in software. Instead I have trawl through your incessant ramblings on most days. Yes I have filters set up in Gmail of course, but I still have to deal with the replies, which before you go on about it are justifiably offensive because you've polluted this list for years with your crap - most have had enough of it. Now please go and get a job in something completely different so you can sleep through the night like the rest of us. Regards, Colin. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
