lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: rahnemann at affinity-mortgage.com (Robert Ahnemann)
Subject: Bill Gates blames the victim

>Again, the message is M$ should fix their software.  Trying to automate
>the patch cycle without the permission of the user is and still does
not
>solve the initial problem.

Good point, but my emphasis was on people obtaining the patches in the
first place.  While yes, they might be unreliable, they at least cover
the publicized exploit.  When was the last time that a worm was
extensively spread via an undocumented hole, or even a hole that was
documented and never patched?  MS is good about fixing what it finds.
Whether or not those fixes cause further issues which require patching
is a separate issue.  As long as the patch is ahead of the virus, where
does the accountability really fall?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ