Re: Is Microsoft serious?

phil paxton wrote:

> Todd H. wrote:
>> "Lars" <powder.monger@xxxxxxxxx> writes:
>>
>> > I read that Microsoft was scouring its own code and file formats that
>> > have lain dormant since the stone age to look for potential WMF style
>> > vulenrabilities. So my question is, are they really serious about this
>> > and do you think they will catch some, all, or none before new exploits
>> > are found by hackers?
>>
>> Based on some security wizards who I know personally and respect a
>> great deal that they've hired in the last year, I can say that
>> Microsoft appears to be more serious about security than they've ever
>> been.
>
>
> So you're saying "Month of Code" (which WHG III was very vocal about,
> claiming all coding was shutting down and focusing upon security
> coding) was successful?
>
> "Patch Tuesday" isn't what it should be (in the number of reported
> errors) and the errors still focus upon buffer overruns
>
> My ongoing joke has bee during the "Microsoft Interview Quiz" (let's
> not start a thread of the questions and|or answers). Anyway, I've added
> a new one: "Present code (you can bring it with you, if you choose e
> deals with buffer overflow [because we don't know how to do it and need
> to see how to it's done]."
>
> p
>
> Oh, I almost forgot. Pop quiz, hotshot - name the author:
>
> "People don't want bug fixes, they want new features."
>
>
>
> If you said, "William Heny Gates, 3rd, you were right.


....nice I am going to add that to my signature...sweet...

Imhotep
.

Relevant Pages

  • [NT] Cumulative Security Update for Internet Explorer (MS04-025)
    ... Get your security news from a reliable source. ... * Microsoft Windows NT Workstation 4.0 Service Pack 6a ... Navigation Method Cross-Domain Vulnerability ...
    (Securiteam)
  • SecurityFocus Microsoft Newsletter #75
    ... Microsoft's Internet Security & Acceleration Server with fault-tolerance ... The Microsoft UPnP Vulnerability ... Relevant URL: ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #120
    ... Strengthening Network Security: FREE Guide Network security is a ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft Windows File Protection Signed File Replacement... ... PlatinumFTPServer Information Disclosure Vulnerability ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #117
    ... Strengthening Network Security: FREE Guide Network security is a ... MICROSOFT VULNERABILITY SUMMARY ... Mollensoft Software Enceladus Server Suite Directory Traversal... ... An attacker is able to traverse outside of the established web root by ...
    (Focus-Microsoft)
  • Re: A 6% fix from Microsoft Security Bulletin MS03-040 - 828750
    ... Now if the geeks over at Microsoft could get "infected" with some of this ... The Internet is already mind blowing in the way it can bring people ... that creates an unacceptable risk of security compromise and we need to shut ... down all Internet browsing with IE. ...
    (microsoft.public.security)