| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: tim-security at sentinelchicken.org (Tim) Subject: 3 new MS patches next week... but none fix > Time for me to get on my soapbox too. > > What are the three patches, what's your source of information, and do they > fix things readers of this list need to know about? > > Less gossip, more information, please. Sorry if you consider this to be more gossip. I know nothing of these 3 patches being released, but I thought this bit of background might be illuminating: A certain very large vendor has been trying to court my company, and during small talk over lunch, we mentioned we were very busy with the M$ patch batch of the month. In a little mum's-the-word response, the vendor representative implied that they could make that problem "go away" with something they called "virtual patches", which he was quite smug about. I was very confused at first, as he didn't appear to be trying to sell a specific product, but when I ran the conversation back through my mind, I realized that M$ must be giving pre-release information to major vendors. Probably for a heafty price tag. This is sickening to me. M$ likely is making money off of their own liability. This is very similar to the bullshit trick the ISC has been pulling with BIND. In any case, this may be the source of the leaks. Not that this 3rd or 4th hand information should be trusted, but it might explain the source. cheers, tim
Powered by blists - more mailing lists