lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <200406252148.i5PLmEkH004533@web125.megawebservers.com>
Date: Fri, 25 Jun 2004 21:48:14 -0000
From: "http-equiv@...ite.com" <1@...ware.com>
To: "Burnes, James" <james.burnes@....com>, <1@...ware.com>,
   <bugtraq@...urityfocus.com>
Cc: <NTBugtraq@...tserv.ntbugtraq.com>, <full-disclosure@...ts.netsys.com>
Subject: RE: Microsoft and Security




volunteer as an expert witness when the negligence lawsuits 
finally arise :)

and you?

"Burnes, James" <james.burnes@....com> said:

> One word,
> 
> m-o-n-o-p-o-l-y
> 
> And what are you going to do about it, punk?
> 
> 
> 
> > -----Original Message-----
> > From: full-disclosure-admin@...ts.netsys.com [mailto:full-
disclosure-
> > admin@...ts.netsys.com] On Behalf Of http-equiv@...ite.com
> > Sent: Friday, June 25, 2004 10:02 AM
> > To: bugtraq@...urityfocus.com
> > Cc: NTBugtraq@...tserv.ntbugtraq.com; full-
disclosure@...ts.netsys.com
> > Subject: [Full-Disclosure] Microsoft and Security
> > 
> > 
> > 
> > Where is Microsoft now "protecting their customers" as they 
love
> > to bray? Should not someone in authority of this public 
company
> > step forward and explain themselves at this time?
> > 
> > All of sudden panic is being created across the WWW with "IIS
> > Exploit Infecting Web Site Visitors With 
Malware", "Mysterious
> > Attack Hits Web Servers", "Researchers warn of infectious Web
> > sites" all stemming from all news accounts from an
> > unpatched "problem" with Internet Explorer now two weeks old 
and
> > counting, which in fact in reality stems from 10 months ago,
> > that being the adodb.stream safe for scripting control with
> > write capabilities.
> > 
> > What exactly is being done about this? Nothing. What does
> > multiple billions of dollars buy you today. Nothing. However 
for
> > $20 million you can almost fly to the moon.
> > 
> > Someone ought to step forward and explaini what exactly is
> > happening at this public company. The great "protector of 
their
> > customers". One might even suggest that their 
entire "security"
> > mandate be re-examined. What exactly do they consider a
> > vulnerability? Something that suits them or something that's
> > cost effective to fix. So what, a few people lose their
> > identities, have a few dollars extracted from their bank
> > accounts, have their home pages reset, we'll fix it when it
> > suits us as we have to be on budget this quarter. The  Big 
Boss
> > says $40 billion isn't enough this year.
> > 
> > A vulnerability:
> > 
> > 
http://www.microsoft.com/technet/archive/community/columns/securi
> > ty/essays/vulnrbl.mspx
> > 
> > "A security vulnerability is a flaw in a product that makes 
it
> > infeasible - even when using the product properly-to prevent 
an
> > attacker from usurping privileges on the user's system,
> > regulating its operation, compromising data on it, or 
assuming
> > ungranted trust."
> > 
> > what this gibberish? For the past 10 months the adobd.stream
> > object is capable of writing files to the "all important
> > customer's" computer. It has real world consequences. It 
rapes
> > their computer. Does it fit into the gibberish custom
> > definition. Plain and simple: "A security vulnerability is a
> > flaw in a product that makes it infeasible". What kind of
> > language is this. Reads like the financial department 
conjured
> > it up.
> > 
> > Disabling scripting won't solve it. Putting sites in one of 
the
> > myriad of "zones' won't solve it. Internet Explorer can
> > trivially be fooled into operating in the less than secure 
so-
> > called "intranet zone" and it can be guided there remotely.
> > 
> > What's happening here. Where is the Microsoft representative
> > explaining all of this to the shareholders and "customers" 
they
> > so dearly wish to protect.  This is unacceptable.  Someone 
must
> > be held accountable.
> > 
> > 
> > --
> > http://www.malware.com
> > 
> > 
> > 
> > 
> > 
> > 
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> 



-- 
http://www.malware.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ