Matasano Chargen - Latest Comments in Alastair Houghton Debunks LMH MOKB Finding

Re: Alastair Houghton Debunks LMH MOKB Finding

Histrionic — Thu, 07 Dec 2006 16:24:17 -0000

Well, from a system administration perspective, disk image containers have a lot of advantages for different usage scenarios.

That’s not to say that there aren’t risks associated with them—because it looks like there’s evidence that there is or will be—but the risk sounds like it’s just simply much worse when they are traded across the ’net. They're now being used for general purposes rather than being confined to local computers for specific purposes.

Re: Alastair Houghton Debunks LMH MOKB Finding

Thomas Ptacek — Thu, 07 Dec 2006 15:29:41 -0000

I don't know enough about them, but I know enough to say this: the right way to do this is to use a fixed format like ISO9660, and the absolute wrong way to do is is to make disk images a metaformat with client-selectable filesystems.

Downloadable disk images and actual disks have radically different requirements; actual disks have to do all sorts of work to handle constant modification and keep coherent state. This is why I think disk images are dumb idea to begin with.

Re: Alastair Houghton Debunks LMH MOKB Finding

Histrionic — Thu, 07 Dec 2006 12:46:38 -0000

Is it likely that this will be a problem for WIM disk images on Windows Vista, as well?

Re: Alastair Houghton Debunks LMH MOKB Finding

Steve Christey — Wed, 06 Dec 2006 18:41:48 -0000

Alastair's post is a good commentary on the problem of vulnerability information management, and the amount of trust people put into refined information sources. If it took 3 days to verify an issue, it shows how resource-intensive (read: impossible) it would be for an information source to personally verify every single claim out there.

Re: Alastair Houghton Debunks LMH MOKB Finding

anonymous — Thu, 30 Nov 2006 13:23:12 -0000

Here's the link to Alastair's post:

http://alastairs-place.net/...