M$ CD patches

Sean Donelan sean at donelan.com
Sat Feb 21 23:16:13 UTC 2004


On Sat, 21 Feb 2004, David Lesher wrote:
> > In the future you may be able to obtain patches through other
> > distribution channels, e.g. your ISP or consumer electronics chain or
> > original equipment manufacturer.  Regardless of the distribution method,
> > genuine Microsoft patches are always cryptographically signed by
> > Microsoft.  Whether consumers can figure out how to check the signature
> > is a different question.
>
> Except, as a friend has twice found out... M$ tends to let their
> certs expire. Ooops!

An expired cert is only a risk if you install the software anyway.

The other risk is a "trusted" certificate authority issuing a certificate
to an unauthorized user, or the signing certificate being compromised.

How do you know ANY copy of Windows XP that came on your computer, or
you bought in a box from Best Buy is genuine and unaltered?  Hint, if
you read the documentation, Microsoft tells you how.

How many people even bother to check? Double hint, did you read the
documentation?

Triple hint, this problem exists with all computer operating systems and
applications.  Sun has the same issue with Solaris, check with Sun
how to check if your Solaris CD is genuine.  Even mainframe software
from IBM has this issue, check with IBM how to check if your IBM
mainframe OS is genuine.

For the paranoid, did you check that the chip in your shiny, new HP laserjet
network printer connected to your network is genuine?



