From: james.burnes at gwl.com (Burnes, James)
Subject: Microsoft and Security

One word, m-o-n-o-p-o-l-y

And what are you going to do about it, punk?

> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of http-equiv@...ite.com
> Sent: Friday, June 25, 2004 10:02 AM
> To: bugtraq@...urityfocus.com
> Cc: NTBugtraq@...tserv.ntbugtraq.com; full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] Microsoft and Security
>
> Where is Microsoft now "protecting their customers" as they love
> to bray? Should not someone in authority of this public company
> step forward and explain themselves at this time?
>
> All of a sudden panic is being created across the WWW with "IIS
> Exploit Infecting Web Site Visitors With Malware", "Mysterious
> Attack Hits Web Servers", "Researchers warn of infectious Web
> sites" all stemming from all news accounts from an
> unpatched "problem" with Internet Explorer now two weeks old and
> counting, which in fact in reality stems from 10 months ago,
> that being the adodb.stream safe for scripting control with
> write capabilities.
>
> What exactly is being done about this? Nothing. What does
> multiple billions of dollars buy you today. Nothing. However for
> $20 million you can almost fly to the moon.
>
> Someone ought to step forward and explain what exactly is
> happening at this public company. The great "protector of their
> customers". One might even suggest that their entire "security"
> mandate be re-examined. What exactly do they consider a
> vulnerability? Something that suits them or something that's
> cost effective to fix. So what, a few people lose their
> identities, have a few dollars extracted from their bank
> accounts, have their home pages reset, we'll fix it when it
> suits us as we have to be on budget this quarter. The Big Boss
> says $40 billion isn't enough this year.
>
> A vulnerability:
>
> http://www.microsoft.com/technet/archive/community/columns/security/essays/vulnrbl.mspx
>
> "A security vulnerability is a flaw in a product that makes it
> infeasible - even when using the product properly-to prevent an
> attacker from usurping privileges on the user's system,
> regulating its operation, compromising data on it, or assuming
> ungranted trust."
>
> What is this gibberish? For the past 10 months the adodb.stream
> object is capable of writing files to the "all important
> customer's" computer. It has real world consequences. It rapes
> their computer. Does it fit into the gibberish custom
> definition. Plain and simple: "A security vulnerability is a
> flaw in a product that makes it infeasible". What kind of
> language is this. Reads like the financial department conjured
> it up.
>
> Disabling scripting won't solve it. Putting sites in one of the
> myriad of "zones" won't solve it. Internet Explorer can
> trivially be fooled into operating in the less than secure
> so-called "intranet zone" and it can be guided there remotely.
>
> What's happening here. Where is the Microsoft representative
> explaining all of this to the shareholders and "customers" they
> so dearly wish to protect. This is unacceptable. Someone must
> be held accountable.
>
> --
> http://www.malware.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html