Re: Incredibly Major XP Vulnerability
From: Alun Jones (alun@texis.com)
Date: 09/15/02
- Next message: eric: "cant change home page---locked into www.gohip pop-ups"
- Previous message: Kent W. England [MVP]: "Re: academic edition accidently bought"
- In reply to: Tony: "Re: Incredibly Major XP Vulnerability"
- Next in thread: mike singer: "Re: Incredibly Major XP Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: alun@texis.com (Alun Jones)
Date: Sun, 15 Sep 2002 17:23:05 GMT
In article <95k8ouo5bpabnbk1hditchlo30sa78bd54@4ax.com>, Tony
<nunya@business.com> wrote:
>>the SP. As a security administrator, I should not have to be crawling
>>around all the hacker web sites to determine if there is a known
>>vulnerability. I expect Microsoft to notify me using the normal bulletins.
>
>I disagree. How many vulnerabilities do you think MS is currently
>sitting on? No patch, no bulletin.

You're assuming that the only reason a problem is listed at other sites as
unpatched is because Microsoft is trying to cover it up. I can think of a
number of others:

Some hackers care more for the publicity of "early disclosure" than for fixing
the product, and don't bother to report to the vendor.

People believe (and with some reason) that Microsoft ignores most of the bug
reports it gets.

Microsoft makes you give them a credit card number just to talk to tech
support, even if you're reporting a bug - it's then up to the support tech's
"discretion" as to whether to refund your card for the call.

Many reports of bugs turn out to be examples of user error, misconfiguration,
etc.

Every report of a bug needs to be verified before it is notified to the
public. How useful would a security bulletin service be if it was unverified?

Even after a bug is patched, the patch needs to be tested to make sure that it
doesn't break things worse than they were (NT 4 SP 2, anyone?).

While I agree that many times bugs could do with being announced (and patched)
sooner than is currently being done, malice and greed are not the only
explanations.

Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place   | http://www.wftpd.com or email alun@texis.com
Cedar Park TX 78613-1419  | VISA/MC accepted. NT-based sites, be sure to
Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for XP/2000/NT.