Re[2]: [Full-disclosure] Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more...

From: phased (phased_at_mail.ru)
Date: 03/13/05

    To: full-disclosure@lists.grok.org.uk
    Date: Sun, 13 Mar 2005 15:55:59 +0300
    
    

    -----Original Message-----
    From: Scott Edwards <supadupa@gmail.com>
    To:
    Date: Sat, 12 Mar 2005 22:45:39 -0700
    Subject: Re: [Full-disclosure] Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a goodidea any more...

    >
    > On Sat, 12 Mar 2005 13:41:26 +0100, Tamas Feher <etomcat@freemail.hu> wrote:
    > > http://www.reuters.com/newsArticle.jhtml?type=technologyNews&storyID=7876004&src=rss/technologyNews
    > >
    > > Microsoft to Offer Patches to U.S. Govt. First
    > > by Reuters, 11 Mar 2005
    > [snip]
    > > Under a plan to take effect later this year, Microsoft will give the
    > > U.S. Air Force versions of software "patches" to fix serious security
    > > vulnerabilities up to a month before they are available to others,
    > > the paper said.
    > [snip]
    >
    > Isn't the real issue we're trying to address that the US Govt's
    > advance knowledge of this information does not serve the masses?
    >
    > My strongest opinion is to provide it for everyone at the same time.
    > This advance notice has some indication that someone does not have the
    > (wo)man power and action plan on how to handle these updates. Seems
    > like whatever reason they have is a complete cop-out (Feel free to
    > enlighten me Uncle Sam, I honor thee, but why are thou so special?).
    > Two words for Uncle Sam. "Cowboy up!". Sure MSFT says the updates
    > will only be stalled to the public, "up to a month", but that could be
    > any amount of time.
    >
    > And this whole nonsense of "black hats only find these holes from
    > updates" is just that, nonsense. How many times have we seen a
    > website turn a browser into a mushroom cloud? I mean, we've NEVER
    > seen a program crash by visiting websites, right? Reproduce that, and
    > you've got yourself the makings of an exploit. What if the next
    > discovered hole is a worm writer? (I'm not meaning to suggest that
    > internet/www are not the only "critical updates" of concern in this
    > topic, but it's the easiest to illustrate)
    >
    > Thank you,
    >
    >
    > Scott Edwards
    > --
    > Daxal Communications - http://www.daxal.com
    > Surf the USA - http://www.surfthe.us
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    > Hosted and sponsored by Secunia - http://www.secunia.com/
    >

