[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.62.0502261324060.26261@predator.treachery.net>
Date: Sat, 26 Feb 2005 13:32:34 -0800 (PST)
From: "Jay D. Dyson" <jdyson@...achery.net>
To: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@...bell.net>
Cc: Bugtraq <bugtraq@...urityfocus.com>,
Paul <paul@...yhats.cjb.net>, Sonny.Discini@...tgomerycountymd.gov
Subject: Re: Office 10 applications & flashdrives can be used to browse
restricted drives
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sat, 26 Feb 2005, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
> Go back and read the original post.
Why? I'm not even replying to the original post. I couldn't give
a good rip about the original post.
> "VENDOR RESPONSE
First mistake. I take every vendor response with a grain of salt
since it's always run through their PR department and their corporate
lawyers before we ever get treated to the watered-down (and usually
fact-free) missive that they design to toss at us like so many table
scraps. Those of us who have been around long enough will starkly recall
the "vendor response" that Ford Motor Company had when its Pintos
developed a penchant for exploding when rear-ended. Nufsed.
> Whether or not you want to cut Microsoft some slack... there's a process
> of ethical and responsible disclosure that I would expect Sonny as a
> representative of a governmental agency would understand. He not only
> put his own government computers at risk but others in this disclosure,
> yes?
In my book, Microsoft is the entity that put those systems at risk
with their shoddy malware. Sonny only showed that the flaw existed. I'll
leave it to the philosophy majors to debate the ethics of the issue.
Personally, I believe in full disclosure. And considering that Microsoft
has (for want of a better expression) money coming out of its butt, I
should think they'd be able to spend that money in a fashion that would
put security first...and quick.
And I'm glad your SP2 implementation went well. I had to deal
with VPNs when SP2 rolled out. If you'd had to, your outlook on that
service pack would be decidely less than cheery.
- -Jay
( ( _______
)) )) .-"There's always time for a good cup of coffee"-. >====<--.
C|~~|C|~~| (>----- Jay D. Dyson -- jdyson@...achery.net -----<) | = |-'
`--' `--' `-I just started World War III. You're welcome.-' `------'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (TreacherOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.
iD8DBQFCIOr5BYoRACwSF0cRAhtNAJ0VuDDs2yPVS722o67lIs/JgEyX9wCeIfi9
uJ/xN56JliAYBfIrVorn2P4=
=Mg87
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists