lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.62.0502261324060.26261@predator.treachery.net>
Date: Sat, 26 Feb 2005 13:32:34 -0800 (PST)
From: "Jay D. Dyson" <jdyson@...achery.net>
To: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@...bell.net>
Cc: Bugtraq <bugtraq@...urityfocus.com>,
	Paul <paul@...yhats.cjb.net>, Sonny.Discini@...tgomerycountymd.gov
Subject: Re: Office 10 applications & flashdrives can be used to browse   
	restricted drives


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 26 Feb 2005, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:

> Go back and read the original post.

 	Why?  I'm not even replying to the original post.  I couldn't give 
a good rip about the original post.

> "VENDOR RESPONSE

 	First mistake.  I take every vendor response with a grain of salt 
since it's always run through their PR department and their corporate 
lawyers before we ever get treated to the watered-down (and usually 
fact-free) missive that they design to toss at us like so many table 
scraps.  Those of us who have been around long enough will starkly recall 
the "vendor response" that Ford Motor Company had when its Pintos 
developed a penchant for exploding when rear-ended.  Nufsed.

> Whether or not you want to cut Microsoft some slack... there's a process 
> of ethical and responsible disclosure that I would expect Sonny as a 
> representative of a governmental agency would understand.  He not only 
> put his own government computers at risk but others in this disclosure, 
> yes?

 	In my book, Microsoft is the entity that put those systems at risk 
with their shoddy malware.  Sonny only showed that the flaw existed.  I'll 
leave it to the philosophy majors to debate the ethics of the issue. 
Personally, I believe in full disclosure.  And considering that Microsoft 
has (for want of a better expression) money coming out of its butt, I 
should think they'd be able to spend that money in a fashion that would 
put security first...and quick.

 	And I'm glad your SP2 implementation went well.  I had to deal 
with VPNs when SP2 rolled out.  If you'd had to, your outlook on that 
service pack would be decidely less than cheery.

- -Jay

   (    (                                                        _______
   ))   ))   .-"There's always time for a good cup of coffee"-.   >====<--.
C|~~|C|~~| (>----- Jay D. Dyson -- jdyson@...achery.net -----<) |    = |-'
  `--' `--'  `-I just started World War III.  You're welcome.-'  `------'

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (TreacherOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iD8DBQFCIOr5BYoRACwSF0cRAhtNAJ0VuDDs2yPVS722o67lIs/JgEyX9wCeIfi9
uJ/xN56JliAYBfIrVorn2P4=
=Mg87
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ