Mad, OK, you have a good point there, but its only a fraction of the code anyway. If they really wanted it audited, by releasing it on purpose as you and others have eluded, then why not release the entire distribution?
Here, I have released some of my distribution and like I have said, you find something wrong, you fix it! Or, re-write it. http://home.comcast.net/~nodialtone On Wed, 2004-02-18 at 21:39, madsaxon wrote: > At 01:45 PM 2/18/2004 -0800, you wrote: > > >Did I miss the thread or has no one yet postulated that the Microsoft > >source code subset was leaked intentionally in order to afford M$ the > >free services of hundreds or thousands of security researchers auditing > >their code for them? > > You missed the thread: > > From: Exibar [EMAIL PROTECTED] > Sun, 15 Feb 2004 12:39:25 -0500 > Subject: Microsoft source code "leak" > > Anyone ever think that perhaps Microsoft "leaked" this section of code on > purpose? Right now there are 1,000's of hacker types and curious types > pouring over that code looking for flaws. Sounds like there was already a > flaw found using a signed integer as an offset, I've also heard that there > is an exploited version of Notepad floating around now too... > > Microsoft can't pay to have this kind of QA done in house (who could?), > so why not release a piece of source and let everyone do it for them? > > Could be that it's a clever way to distract from the ASN.1 flaw that was > found too... release a bit of code that is meaningless and the exploit > writers will be too busy looking through that code to write a huge exploit > for ASN.1? > > Ok, sounds like a conspiracy theroys doesn't it? And it probably isn't > true, but stranger things have happened :-) > > Exibar > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
