Re: Microsoft Security Bulletin MS03-040 - 828750

From: cquirke (MVP Win9x) (name.goes.here_at_nospam.iafrica.com)
Date: 10/04/03 

Date: Sat, 04 Oct 2003 18:09:00 +0200

On Sat, 4 Oct 2003 00:29:41 -0400, "PA Bear" <PABear@mvps.org> wrote:

>What part of...
>
>> More information is now available at
>> http://www.microsoft.com/technet/security/bulletin/MS03-040.asp
>
>...do you not understand?

OK; safety's on, clips out, dudes!

You both have a point. New fixes need to be publicized, but as Swen
has so eloquently demonstrated, it's now impossible to tell what posts
are real and what are malware SE.

As to the link; well - HTML allows any text to have any URL under it,
so WYSINNWYG. I just tested that for myself in Netscape Composer 7.

So the challenge is; how to authenticate genuine MS correspondence in
a way that is both intuitive and reliable. It would help if HTML
didn't allow link spoofing, or if HTML posting was eradicated from
email and news groups, but that's the standard we are stuck with.

Security is either used "for" the user (e.g. to prove correspondence
is genuine), or "against" the user (e.g. to prevent copying of DVDs
etc.). The latter doesn't require user co-operation or acceptance,
but the former does - IOW it's like "justice"; not only does it have
to be done but it has to be *seen* to be done.

That's a tall order - as even the most secure key system fails if the
key is stolen, and there have been precedents for that already.

Meantime, the savvy will seek out and apply patches etc. and the rest
won't know who to believe. Not sure what the answer is :-(

I've left all the ngs in, as they all look equally relevant.

>------------ ----- --- -- - - - -
Drugs are usually safe. Inject? (Y/n)
>------------ ----- --- -- - - - -

Relevant Pages

  • Re: Microsoft Security Bulletin MS03-040 - 828750
    ... how to authenticate genuine MS correspondence in ... It would help if HTML ... Security is either used "for" the user (e.g. to prove correspondence ... That's a tall order - as even the most secure key system fails if the ...
    (microsoft.public.security.virus)
  • Re: Microsoft Security Bulletin MS03-040 - 828750
    ... how to authenticate genuine MS correspondence in ... It would help if HTML ... Security is either used "for" the user (e.g. to prove correspondence ... That's a tall order - as even the most secure key system fails if the ...
    (microsoft.public.security)
  • Re: Microsoft Security Bulletin MS03-040 - 828750
    ... congratulations on a well-deserved MVP award. ... It would help if HTML ... | Security is either used "for" the user (e.g. to prove correspondence ... | That's a tall order - as even the most secure key system fails if the ...
    (microsoft.public.security)
  • Re: Microsoft Security Bulletin MS03-040 - 828750
    ... congratulations on a well-deserved MVP award. ... It would help if HTML ... | Security is either used "for" the user (e.g. to prove correspondence ... | That's a tall order - as even the most secure key system fails if the ...
    (microsoft.public.security.virus)
  • Re: Microsoft Security Bulletin MS03-040 - 828750
    ... congratulations on a well-deserved MVP award. ... It would help if HTML ... | Security is either used "for" the user (e.g. to prove correspondence ... | That's a tall order - as even the most secure key system fails if the ...
    (microsoft.public.win2000.security)
Quantcast