lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed Apr 13 22:04:00 2005
From: dk at pwarchitects.com (dk)
Subject: Microsoft April Security Bulletin Webcast BS

Micheal Espinola Jr wrote:
> Wow... so, I'm listening to the webcast while doing my work today. I just 
> heard him (the male presenter) say (three times now) that because some of 
> the vulnerabilities have *not been publicly disclosed* that they are *not 
> publicly exploitable*.
>  *OMFG*.

MS exploit motto?

<teasing_baby_voice>
Peek-a-booo!
If you can't see me,
I can't see you!
</teasing_baby_voice>


I guess they are just trying to reinforce their recent idea that 0dayz 
== NULL and only patches beget exploits. While obviously wrong, this 
/is/ a handy PR stance I guess. If they say it enough times, it might 
just become true too, right? (Developers, Developers, Developers....)

Heheheh -- Sorry, too much sugar this afternoon.

-- 
dk

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ