2005/07/03

Security: the patch itself explains the flaw, without documentation

Reverse engineering patches making disclosure a moot choice? | The Register: "When Microsoft released limited information on a critical vulnerability in Internet Explorer last month, reverse engineer Halvar Flake decided to dig deeper.

Using his company's tool for analyzing the differences in the patched and unpatched versions of a program, Flake pinpointed the portable networked graphics (PNG) vulnerability that Microsoft fixed with its latest update, locating the specific changes in less than 20 minutes."

In other words, keeping the nature of the flaw closed by a patch secret is absolutely pointless.