djbrums - Slashdot User

Comment Re:yeah, this is a problem, but how do you fix it? (Score 1) 2

by djbrums on Friday April 18, 2008 @08:46AM (#23116004) Attached to: Windows Update Can Hurt Security

It seems like at best attackers will always be able to figure out what was patched, and the best we can do is slow them down.

the article gives to ways, if you read it. 1) encrypt patches, then distribute, then provide decryption key. everyone can apply the patch simultaneously. 2) obfuscate. Though obfuscation is impossible, you can still make it really hard to analyze code.

Submission + - Windows Update Can Hurt Security (cmu.edu) 2

Submitted by Anonymous Coward on Thursday April 17, 2008 @09:31PM

An anonymous reader writes: Researchers at Carnegie Mellon University have shown that given a buggy program and a patch, it is possible to automatically create an exploit. They demonstrate this by showing automatic patch-based exploit generation for several Windows vulnerabilities and patches can be achieved within a few minutes of when a patch is first released. From the article: "One important security implication is that current patch distribution schemes which stagger patch distribution over long time periods, such as Windows Update, ... can detract from overall security, and should be redesigned." The full paper is available as PDF, and will appear at the IEEE Security and Privacy Symposium in May.

Slashdot Top Deals