lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
From: james.burnes at gwl.com (Burnes, James)
Subject: Microsoft and Security

One word,

m-o-n-o-p-o-l-y

And what are you going to do about it, punk?



> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-
> admin@...ts.netsys.com] On Behalf Of http-equiv@...ite.com
> Sent: Friday, June 25, 2004 10:02 AM
> To: bugtraq@...urityfocus.com
> Cc: NTBugtraq@...tserv.ntbugtraq.com; full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] Microsoft and Security
> 
> 
> 
> Where is Microsoft now "protecting their customers" as they love
> to bray? Should not someone in authority of this public company
> step forward and explain themselves at this time?
> 
> All of sudden panic is being created across the WWW with "IIS
> Exploit Infecting Web Site Visitors With Malware", "Mysterious
> Attack Hits Web Servers", "Researchers warn of infectious Web
> sites" all stemming from all news accounts from an
> unpatched "problem" with Internet Explorer now two weeks old and
> counting, which in fact in reality stems from 10 months ago,
> that being the adodb.stream safe for scripting control with
> write capabilities.
> 
> What exactly is being done about this? Nothing. What does
> multiple billions of dollars buy you today. Nothing. However for
> $20 million you can almost fly to the moon.
> 
> Someone ought to step forward and explaini what exactly is
> happening at this public company. The great "protector of their
> customers". One might even suggest that their entire "security"
> mandate be re-examined. What exactly do they consider a
> vulnerability? Something that suits them or something that's
> cost effective to fix. So what, a few people lose their
> identities, have a few dollars extracted from their bank
> accounts, have their home pages reset, we'll fix it when it
> suits us as we have to be on budget this quarter. The  Big Boss
> says $40 billion isn't enough this year.
> 
> A vulnerability:
> 
> http://www.microsoft.com/technet/archive/community/columns/securi
> ty/essays/vulnrbl.mspx
> 
> "A security vulnerability is a flaw in a product that makes it
> infeasible - even when using the product properly-to prevent an
> attacker from usurping privileges on the user's system,
> regulating its operation, compromising data on it, or assuming
> ungranted trust."
> 
> what this gibberish? For the past 10 months the adobd.stream
> object is capable of writing files to the "all important
> customer's" computer. It has real world consequences. It rapes
> their computer. Does it fit into the gibberish custom
> definition. Plain and simple: "A security vulnerability is a
> flaw in a product that makes it infeasible". What kind of
> language is this. Reads like the financial department conjured
> it up.
> 
> Disabling scripting won't solve it. Putting sites in one of the
> myriad of "zones' won't solve it. Internet Explorer can
> trivially be fooled into operating in the less than secure so-
> called "intranet zone" and it can be guided there remotely.
> 
> What's happening here. Where is the Microsoft representative
> explaining all of this to the shareholders and "customers" they
> so dearly wish to protect.  This is unacceptable.  Someone must
> be held accountable.
> 
> 
> --
> http://www.malware.com
> 
> 
> 
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists