[Dshield] MS05-039 exploits prove that pacthing "window"is getting shorter and shorter and...

Chris Wright dshield at yaps4u.net
Thu Aug 18 17:58:00 GMT 2005


> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of John B. Holmblad
> Sent: Thursday, August 18, 2005 5:10 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] MS05-039 exploits prove that pacthing 
> "window"is getting shorter and shorter and...
> Chris,
> perhaps I am missing something but from reading of 
> Technet/MSDN articles, PnP was designed to support hardware 
> installation on the same computer whereas uPnP has been 
> designed to support installation (e.g. 
> printers) that are connected to the computer in question via 
> a TCP/IP stack connection. It is possible that when PnP was 
> designed by Microsoft, their designers foresaw its ultimate 
> extension to  support the installation of remote devices 
> (i.e. uPnP), and therefore they implemented communications 
> with the key PnP process "kernel" using the TCP/IP stack 
> instead of local procedure calls, even though it was not 
> really needed at the time.
> If this supposition is correct, I  guess it  reveals one of 
> the fundamental downsides to so-called "closed source" 
> software development, that is, the lack of sufficient peer 
> review of the underlying software design.
> --


Again, I don't have the specs to hand, but iirc I thought uPNP devices
actually advertised their existance to those on the network but using a
different mechanism to that by a PNP device.

You've given me something read up on tonight.  Haven't had a good spec in a
long time. (The nights are long and dark here you see, oh, and the wife and
kids are away).  I'll probably end up playing the boys Battefield2 all night
instead though.



More information about the list mailing list