Re: Call to arms - INFORMATION ANARCHY

From: Jackie_Soares@GAP.COM
Date: 11/03/01


Message-ID:  <88256AF9.001414F4.00@smtpmta01.gap.com>
Date:         Fri, 2 Nov 2001 19:46:22 -0800
From: Jackie_Soares@GAP.COM
Subject:      Re: Call to arms - INFORMATION ANARCHY
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

After reading Scott Culp's Microsoft's Security Response Team paper, it
appears Microsoft is building a castle. How many people were remember the
cartoon on the cover of "Firewalls and Internet Security: Repelling the
Wily Hacker" that depicts a king hiding behind this castle?

The king doesn't need to hide. Especially, when if there others who
are trying to help. Some of us are just trying to get things to work
in a manner that is secured and supportable.

Awarding people to find esoteric bugs is not a good solution. Microsoft
isn't going to pay someone when someone in Corporate America already
opens the same tickets for free. And the thought creating a
"Microsoft Certified Security Engineer" so they would have access to
malicious source-code can only criminalize the engineer.

I believe two-way participation is the best choice. NTBUGTRAQ
is one of the best two-way dialogs I've seen. But the source code
can be place elsewhere. To define this forum as INFORMATION ANARCHY
is blasphemous. Most of the time, it is a very focused group of people
who are really concerned about NT/2000/XP and make a large part of
their livelihood on Microsoft operating systems.

We joined this forum to learn, to report bugs, to ask questions,
to get bug fixes, and identify and fix security flaws. NTBUGTRAQ
has no equal.

Let me toot a horn for Russ and crew!

"Here! Here! for NTBUGTRAQ!" Without it we could not have acted
quickly on NIMDA, REDWORM, etc. I thank all of you who shared.
This collective knowledge was very useful in getting the message out.
Thank you for being the only source for all the information being
brought to the masses. There was no other place to get this!

But I hear the trucks bringing in the bricks. I hope they are
building a bridge to this listserv and not a castle.

Jackie Soares
Sr. Manager



Relevant Pages

  • Call to arms - INFORMATION ANARCHY
    ... A Step Towards Information Anarchy: ... Scott Culp of Microsoft's Security Response Team released the ... Microsoft line of thinking. ... clear and present danger of being stomped out by vendors like Microsoft. ...
    (NT-Bugtraq)
  • [NT] Cumulative Security Update for Internet Explorer (MS04-025)
    ... Get your security news from a reliable source. ... * Microsoft Windows NT Workstation 4.0 Service Pack 6a ... Navigation Method Cross-Domain Vulnerability ...
    (Securiteam)
  • SecurityFocus Microsoft Newsletter #75
    ... Microsoft's Internet Security & Acceleration Server with fault-tolerance ... The Microsoft UPnP Vulnerability ... Relevant URL: ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #120
    ... Strengthening Network Security: FREE Guide Network security is a ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft Windows File Protection Signed File Replacement... ... PlatinumFTPServer Information Disclosure Vulnerability ...
    (Focus-Microsoft)
  • Re: A 6% fix from Microsoft Security Bulletin MS03-040 - 828750
    ... Now if the geeks over at Microsoft could get "infected" with some of this ... The Internet is already mind blowing in the way it can bring people ... that creates an unacceptable risk of security compromise and we need to shut ... down all Internet browsing with IE. ...
    (microsoft.public.win2000.security)