| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: Re: MS Security Response is a bunch of half-witted morons On Fri, 12 Mar 2004 16:09:21 EST, jim_walsh@...dyear.com said: > seems a little childish. And if one was to argue that "Aanyone needs to > read these articles not just people that support M$ OS's", well to > that...most people that have a M$ OS as an end user have auto update > turned on and dont even think twice about it...if they update at all. So - explain to me again why the fact that some users enable auto-update (which actually is probably a good thing if the auto-updates don't break your system) is justification for requiring poor security practices in order to read the security bulletin? If Microsoft *REALLY* cared about security, it would be possible to do this: % (echo "GET url.of.bulletin HTTP/0.9"; echo) | telnet www.microsoft.com 80 and it would Just Work, and the results should be at least somewhat readable. For those who don't think this is possible, go look at http://www.cert.org/ advisories/CA-2001-04.html and look at the HTML source - no scripting, and the body text is quite clean and readable. Instead, we have the same sort of "glitz and function rather than security" mindset which *caused* the whole mess in the first place. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040314/0d6f8df5/attachment.bin
Powered by blists - more mailing lists