Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror

Comment Re:yeah, this is a problem, but how do you fix it? (Score 1) 2

by djbrums (#23116004) Attached to: Windows Update Can Hurt Security

It seems like at best attackers will always be able to figure out what was patched, and the best we can do is slow them down.
the article gives to ways, if you read it. 1) encrypt patches, then distribute, then provide decryption key. everyone can apply the patch simultaneously. 2) obfuscate. Though obfuscation is impossible, you can still make it really hard to analyze code.
Security

Submission + - Windows Update Can Hurt Security (cmu.edu) 2

Submitted by Anonymous Coward
An anonymous reader writes: Researchers at Carnegie Mellon University have shown that given a buggy program and a patch, it is possible to automatically create an exploit. They demonstrate this by showing automatic patch-based exploit generation for several Windows vulnerabilities and patches can be achieved within a few minutes of when a patch is first released. From the article: "One important security implication is that current patch distribution schemes which stagger patch distribution over long time periods, such as Windows Update, ... can detract from overall security, and should be redesigned." The full paper is available as PDF, and will appear at the IEEE Security and Privacy Symposium in May.

Slashdot Top Deals

"The whole problem with the world is that fools and fanatics are always so certain of themselves, but wiser people so full of doubts." -- Bertrand Russell

Close