lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
This website is powered by Openwall GNU/*/Linux security-enhanced OS
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
From: andrewg at d2.net.au (andrewg@...net.au)
Subject: Microsoft Cries Wolf ( again )

>> About a year ago, I tripped over this issue. (I have since found out
>> it is a known bug - see http://www.sitepoint.com/print/1029). In an
>> effort to help MS, I spent hours of company time registering to
>> various bug reporting services on MS sites - and never found one that
>> would accept my bug report because IE is not a paid product. Not that
>> I wanted any support - I only wanted to help them out.
>
> How many semi serious issues exist where people just never bother to
> disclose them to the public and where the vendor decides to ignore the
> notification?
>
[snip]
> I told MS about this back on 0ct 10 2002 and even sent them exploit
> code, never even got a response, not even a "sorry we don't consider it
> a threat" note.
[snip

In some cases, people are threatened with lawsuits by companies, which is a
great way of getting people on your side, and making friends. (sarcasm, by
the way.)

Vendors/Companies bring it upon themselves 99.9% of the time the way people
act towards them. There are several companies I have no intention of ever
talking to again.

- andrewg

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux