Re: Microsoft and Security

From: Justin Wheeler (jwheeler_at_datademons.com)
Date: 06/28/04

    To: Radoslav Dejanović <radoslav.dejanovic@opsus.hr>, <bugtraq@securityfocus.com>
    Date: Mon, 28 Jun 2004 08:41:40 -0400
    
    

    On Friday 25 June 2004 20:53, http-equiv@excite.com wrote:
    >> What's happening here. Where is the Microsoft representative
    >> explaining all of this to the shareholders and "customers" they
    >> so dearly wish to protect. This is unacceptable. Someone must
    >> be held accountable.
    >
    >Although I do agree on most of your words, I hardly find this list
    >appropriate for such rants. You're talking to people who already know
    >this, and do not forget that Microsoft doesn't play security game like
    >Open Source people do. It is two different worlds, really. While OS people
    >might just sit down, write a patch and publish it, MS people would have to
    >write patch, submit it to QA, see that it doesn't break something else,
    >see that it doesn't make the end-user experience less comfortable, and
    >only then release it to the public (takes time, doesn't it?).

    *snip*

    Perhaps that'd be a better argument, if there weren't countless patches
    from MS in the past that broke other things
    (http://www.securityfocus.com/archive/1/OF6CB1254D.22B27464-ON85256E89.004FB436-85256E89.0050E58D@seba.com/2004-06-25/2004-07-01/0
    for example).

    And I'd also be more likely to believe that if there weren't MS patches out
    there that fix one particular bug, but completely ignore other ones that are
    nearly IDENTICAL to it.

    Justin

