http://blogs.technet.com/robert_hensing/archive/2008/07/29/today-s-fail-open-goat-award-goes-to-insecure-3rd-party-software-updaters.aspxYou'll notice Microsoft's auto-updaters (Windows Update / Microsoft Update / Automatic Updates) are not on the list. Why? Because we're paranoid, and we anticipated this type of threat years ago and mitigated it by signing all of our binaries and onlyen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.technet.com/robert_hensing/archive/2008/07/29/today-s-fail-open-goat-award-goes-to-insecure-3rd-party-software-updaters.aspx#3095407Tue, 29 Jul 2008 22:52:08 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3095407Michael Howard's Web Log<p>Gotta love Robert's sarcasm .. but he's right.</p> http://blogs.technet.com/robert_hensing/archive/2008/07/29/today-s-fail-open-goat-award-goes-to-insecure-3rd-party-software-updaters.aspx#3096123Thu, 31 Jul 2008 17:55:08 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3096123pascals.blog<p>...Mais quand m&amp;#234;me. Combien de fois m'a-t-on demand&amp;#233; comment Microsoft garantissait que les</p> http://blogs.technet.com/robert_hensing/archive/2008/07/29/today-s-fail-open-goat-award-goes-to-insecure-3rd-party-software-updaters.aspx#3103696Tue, 12 Aug 2008 01:17:21 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3103696Jorge_Aguinaga<p>According to the University of Arizona, updating Linux distros has its own risks too. ( <a rel="nofollow" target="_new" href="http://www.cs.arizona.edu/people/justin/packagemanagersecurity/attacks-on-package-managers.html">http://www.cs.arizona.edu/people/justin/packagemanagersecurity/attacks-on-package-managers.html</a> )</p>