Re: Shame on Microsoft

From: Hector Santos (nospam_at_nospam.com)
Date: 08/13/03

• Next message: Benny T.: "Re: Re: virus or ???"
• Previous message: Marie: "Downloading Security 128-bit"
• In reply to: Hector Santos: "Re: Shame on Microsoft"
• Next in thread: Jonathan Maltz [MS-MVP]: "Re: Shame on Microsoft"
• Reply: Jonathan Maltz [MS-MVP]: "Re: Shame on Microsoft"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 13 Aug 2003 16:53:15 -0400

> > Things like this aren't expected. Do you think, when Microsoft released
> > Windows Server 2003 that a bug that existed since NT 4.0 would be in it?
> > No.
>
> Excuse me? I would think that EVERY component or sub-system in a BRAND
new
> product would have been scrutinize for the TOP #1 flaw in the system -
> stack/buffer overflows.

I would like to add the following:

Back in 99, when we were hit by Russian Hackers with the early renditions of
CodeRed, I was personally on the phone with Microsoft Security manager at
the time because we got the FBI involved. Microsoft was very interesting in
our delima. This was during the Windows Beta 2000 days and when I brought
my concerns about what seems the lack of sound technical responsibility by
their engineers and management (same thing I am talking about today), I was
assured that "WIndows 2000" and all future OS will have new security
technology that addresss "Buffer Overflow" at the core! I specifically
remember this because I then asked "What about current OSes?" I accepted
his response because there had to be some fundamental changes that only new
OSes can get. I can understand that.

Nonetheless, the point is that "Stack/Buffer Overlow" is a VERY known issue
at Microsoft for MANY YEARS.

So to tell me that they used OLD components in a new products without
putting them thru a Buffer overflow test is not only MAL-PRACTICE, but also
unethical across the board, up down and sideways.

-- 
Hector Santos
WINSERVER "Wildcat! Interactive Net Server"
support: http://www.winserver.com
sales: http://www.santronics.com

---

• Next message: Benny T.: "Re: Re: virus or ???"
• Previous message: Marie: "Downloading Security 128-bit"
• In reply to: Hector Santos: "Re: Shame on Microsoft"
• Next in thread: Jonathan Maltz [MS-MVP]: "Re: Shame on Microsoft"
• Reply: Jonathan Maltz [MS-MVP]: "Re: Shame on Microsoft"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Oveflow Error while building an image, Code = 0x800a0006 ... of the XPProEmulation threads on www.xpefiles.com to upload a compressed ... mean there were a bunch of similar issues (overflow, crash, hang, lock, ... Microsoft about the issue is a better idea. ... Build machine OS is XP Pro SP2. ... (microsoft.public.windowsxp.embedded) Microsoft RASAPI32.DLL ... Buffer Overflow in Microsoft Rasapi32.dll ... as the "Dial-Up Networking Dynamic Linked Library and a Remote Access API". ... (Bugtraq) Re: Oveflow Error while building an image, Code = 0x800a0006 ... seen one TD crash on FP2007 so far and it was an extreme case when I was ... filing a bug to Microsoft about ... Description = Overflow ... Build machine OS is XP Pro SP2. ... (microsoft.public.windowsxp.embedded)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)