funsec mailing list archives
Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs
From: Blue Boar <BlueBoar () thievco com>
Date: Wed, 31 Mar 2010 09:54:51 -0700
Larry Seltzer wrote:
First if Microsoft patches include unrelated silent patches then I would expect, as you say, people would diff the files and examine the updates to see what it is they are changing
They do and they do. Ask Halvar about reversing and finding silent patches. Former Microsoft people have also confirmed that they have fixed "in-house"-discovered problems.
and develop POCs for them.
Why develop POCs for patched bugs? "They" already have working exploits for vulns fixed in the same patch to get the unpatched boxes.
I don't ever recall hearing of an exploit for a bug in Windows that turned out to have been silently patched.
I've seen people claim numerous times on mailing lists over the years that MS finally fixed the vuln they were using. Check with Dave Aitel. BB _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Larry Seltzer (Mar 28)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs disco jonny (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Larry Seltzer (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs disco jonny (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Larry Seltzer (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Dan Kaminsky (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Larry Seltzer (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Valdis . Kletnieks (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Dan Kaminsky (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Larry Seltzer (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Larry Seltzer (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs disco jonny (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Blue Boar (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs disco jonny (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Craig Schmugar (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Larry Seltzer (Mar 31)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Nick FitzGerald (Mar 31)