Re: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission



Hi Thor,

Microsoft is maintaining a list of binary planting bugs they've fixed here:
http://technet.microsoft.com/en-us/security/advisory/2269637

You will find our name in some of these advisories.

Calling the above effort a "Binary Planting Clean-up Mission" was merely a benign
poetic exercise, and this is *not* an official name of any internal mission at
Microsoft to the best of my knowledge.

You can learn something about our interaction with Microsoft here:
http://blog.acrossecurity.com/2010/08/binary-planting-update-day-7.html

Cheers,
Mitja


-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf
Of Thor (Hammer of God)
Sent: Thursday, September 15, 2011 10:59 PM
To: security@xxxxxxxxxxxxxxxxx; 'ChristianSciberras'
Cc: full-disclosure@xxxxxxxxxxxxxxxxx; bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Microsoft's Binary Planting
Clean-Up Mission

I'm curious. Who is your contact at MSFT? Who is it that
has told you they have a "Binary Planting Clean-up Mission"
and where do they mention you as having anything to do with it?

If you are going to claim MSFT's actions as substantive to
your agenda, how about provide some details?

t

-----Original Message-----
From: ACROS Security Lists [mailto:lists@xxxxxxxx]
Sent: Thursday, September 15, 2011 1:41 PM
To: 'Christian Sciberras'
Cc: Thor (Hammer of God); full-disclosure@xxxxxxxxxxxxxxxxx;
bugtraq@xxxxxxxxxxxxxxxxx
Subject: RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up
Mission

Hey Chris,

I bet Microsoft actually like stating they just fixed yet another
severe bug.
Zero-day fixing is big business, you know....even if "zero"
is past a few "days".

I don't think Microsoft gains much from being able to say
they fixed
yet another bug
- maybe if it were a bug they found internally and fixed
proactively,
but not like this. And I'm sure they'd rather be doing
something else than fixing:
fixing a product costs a lot, and it generates no revenue.

Cheers,
Mitja

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages