Re: Security Issue Found
- From: Steve Kass <skass@xxxxxxxx>
- Date: Tue, 20 Dec 2005 22:41:38 -0500
Ole,
I've worked with the security team on issues very much like what you describe, and they are real professionals.
The URL Dan posted is the right one. If you don't get a quick response, refer them to this thread and tell them that SQL Server MVP's Dan and Steve sent you. ;)
Since what you describe is similar to an issue that is already known and public (and on the Microsoft web site), I'll point to this blog post, which refers to a Microsoft white paper on the topic:
http://sqlservercentral.com/cs/blogs/brian_kelley/archive/2005/11/25/334.aspx
Steve Kass Drew University
Ole Kristian Bangås wrote:
After having been in contact with Microsoft Support in various countries, both by mail and phone, what I was told to do is to post here.
Given that a few prerequisites are in place, I'm able to grant myself access to data that I'm explicitly denied access to. No big surprise, this is not the way it is supposed to be. I desperately want to get in touch with someone working with security issues in Microsoft, as I do NOT want the details to go public. But, before that happens, I have to thoughs:
- Why do I either have to pay and open a support case to report security issues, or (even worse)
- Go public on this newsgroup?
I would strongly suggest that Microsoft make some "slightly" easier way to report security issues with their software. I'm SO close to go public with all the detials first, since it's so troublesome to report issues directly to Microsoft.
Well, that's all for now.
.
- Follow-Ups:
- Re: Security Issue Found
- From: Ole Kristian Bangås
- Re: Security Issue Found
- References:
- Security Issue Found
- From: Ole Kristian Bangås
- Security Issue Found
- Prev by Date: Re: Data Encryption In SQL2005
- Next by Date: Re: netstat on my server
- Previous by thread: Re: Security Issue Found
- Next by thread: Re: Security Issue Found
- Index(es):
Relevant Pages
|
|
