From: bkdelong at pobox.com (B.K. DeLong)
Subject: Bill Gates blames the victim

At 10:28 AM 8/31/2003 -0400, Richard M. Smith wrote:
>Patching security holes is a poor substitute for avoiding them in the
>first place.  If three guys in Poland can find a buffer overflow in DCOM
>without access to Windows source code, why can't Microsoft?

Because Microsoft continues to build on top of already flawed code. When I 
was more involved in the Web Standards Project it was a HUGE windfall to 
have Microsoft rebuild IE from scratch from version 4 to 5. Their constant 
mantra is and has been - if the customers aren't asking for it, there's no 
business case to do it.

An interesting trend I continue to see at the ApacheCon, Black Hat and 
DEFCON conferences is the change in operating systems on laptops. Those 
content to run Linux or some flavor of BSD still are; but those hackers who 
used to come to conferences running Windows have now moved to OS/X. Being a 
hardcore Windows user since the late 80s, I myself am even ready to make 
the switch and the cool thing is, because of the easy-to-use Mac GUI, I can 
switch my mother as well.

I think if this trend continues (and I'm confident it will) then we'll 
begin to see larger customers of Windows move to OS/X.  Then, and only 
then, will Microsoft HAVE to make their OS more secure but until they have 
a viable and business-threatening competition I don't think anything will 
change short of the Government taking action.

Just my $0.02....

--
B.K. DeLong
bkdelong@...ox.com
+1.617.797.2472

http://ocw.mit.edu                           Work.
http://www.brain-stream.com               Play.
http://www.the-leaky-cauldron.org        Potter.
http://www.city-of-doors.com               Sigil

PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE

