The joys of automatic mailing

From: Russ (Russ.Cooper@RC.ON.CA)
Date: 03/04/03

    Date:         Tue, 4 Mar 2003 15:56:06 -0500
    From: Russ <Russ.Cooper@RC.ON.CA>
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Well, it doesn't happen often, but you know it'll probably happen some
    time...and today was that day.

    I automatically scan MS security bulletins every 10 minutes looking for
    new ones. Once every hour I scan last year's bulletins to see if any
    have been revised. Once a week I look at all bulletins that were ever
    created for revisions.

    Seemed reasonable to me...until MS pushed 20 revised security bulletins
    at the same time. Stands to reason that if they were to make a common
    revision...in this case removing a URL reference to the old, now
    defunct, corporate.windowsupdate.microsoft.com site...they would all
    appear at the same time. The site is pushed at a scheduled time and not
    ad hoc as the bulletins are revised.

    I hadn't thought of that, duh!

    So, no, you didn't receive 20 identical messages, they were all for
    different bulletins. No, I am not spamming you purposefully, they were
    all legitimate revision notices. No, I can't give them to you as they
    appear, because they all appeared at the same time on the website.

    I have disabled automatic posting for now.

    There are a couple of options here:

    1. Microsoft do attempt to differentiate between important revisions and
    less important. They use minor and major revision numbers to (usually)
    denote importance. A minor revision number indicates clarification of
    points, or grammatical corrections and the like. A major revision means
    a new platform is affected, or the binary has been changed. There's a
    lot more than this involved in the numbering scheme, but I could post
    only major revision changes if you think that would be better.

    2. I could stop posting revision notices altogether.

    3. I could manually post revision notices based solely on whether or not
    I feel they're important. This means, however, that they will only be
    sent once I've had a chance to review them and so it may not be
    immediate, even if it's an important issue (believe it or not, I'm not
    always able to immediately check...;-])

    4. Leave things as they are. It's not likely that we will see such
    en-masse revisions often. Generally the revision process has worked
    fairly well in the past.

    Take the poll and let me know your preference:

    http://www.ntbugtraq.com/default.asp?sid=1&pid=47&aid=71

    Cheers,
    Russ - NTBugtraq Editor

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Have you discovered a security vulnerability related to Windows or a
    commercial product which runs on Windows?

    Need assistance crafting the format or translating your advisory to English?

    Need to verify it, or having problems contacting the Vendor?

    Contact mailto:Advisories@NTBugtraq.com

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

