Shostack + Friends Blog Archive


Brilliant Evil Redux

Following up with further conspiracy theory on Adam’s post, I also have to wonder just how accidental it was that a properly cryptographically signed version of the patch for WinXP was “posted to a community site” yesterday. Given the pressure to quickly product a patch combined with the one produced by Ilfak Guilfanov, it wouldn’t surprise me in the least if it was allowed to go out, purely for customers who were willing to take a chance, but without the potential for liability or poor publicity for MS.