Re: [Full-disclosure] Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more...
From: Scott Edwards (supadupa_at_gmail.com)
Date: 03/13/05
- Previous message: J.A. Terranson: "Re: [Full-disclosure] Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more..."
- In reply to: Tamas Feher: "[Full-disclosure] Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more..."
- Next in thread: phased: "Re[2]: [Full-disclosure] Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a goodidea any more..."
- Reply: phased: "Re[2]: [Full-disclosure] Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a goodidea any more..."
- Reply: James Tucker: "Re: [Full-disclosure] Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 12 Mar 2005 22:45:39 -0700
On Sat, 12 Mar 2005 13:41:26 +0100, Tamas Feher <etomcat@freemail.hu> wrote:
> http://www.reuters.com/newsArticle.jhtml?type=technologyNews&storyID=7
> 876004&src=rss/technologyNews
>
> Microsoft to Offer Patches to U.S. Govt. First
> by Reuters, 11 Mar 2005
[snip]
> Under a plan to take effect later this year, Microsoft will give the
> U.S. Air Force versions of software "patches" to fix serious security
> vulnerabilities up to a month before they are available to others,
> the paper said.
[snip]
Isn't the real issue we're trying to address, is that the US Govt's
advance knowledge of this information, does not serve the masses?
My strongest opinion is to provide it for everyone at the same time.
This advance notice has some indication that someone does not have the
(wo)man power and action plan on how to handle these updates. Seems
like what ever reason they have, is a complete cop-out (Feel free to
enlighten me Uncle Sam, I honor thee, but why are thou so special?).
Two words for Uncle Sam. "Cowboy up!". Sure MSFT says the updates
will only be stalled to the public, "up to a month", but that could be
any amount of time.
And this whole nonsense of "black hats only find these holes from
updates" is just that, nonsense. How many times have we seen a
website turn a browser into a mushroom cloud? I mean, we've NEVER
seen a program crash by visiting websites, right? Reproduce that, and
you've got yourself the makings of an exploit. What if the next
discovered hole is a worm writer? (I'm not meaning to suggest that
internet/www are not the only "critical updates" of concern in this
topic, but it's the easiest to illustrate)
Thank you,
Scott Edwards
-- Daxal Communications - http://www.daxal.com Surf the USA - http://www.surfthe.us _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://www.secunia.com/
- Previous message: J.A. Terranson: "Re: [Full-disclosure] Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more..."
- In reply to: Tamas Feher: "[Full-disclosure] Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more..."
- Next in thread: phased: "Re[2]: [Full-disclosure] Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a goodidea any more..."
- Reply: phased: "Re[2]: [Full-disclosure] Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a goodidea any more..."
- Reply: James Tucker: "Re: [Full-disclosure] Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
