Message-ID: <00c501c61282$b0572f30$0a01a8c0@anchorsign.com>
Date: Thu, 5 Jan 2006 21:33:12 -0800
From: "Thor (Hammer of God)" <thor@...merofgod.com>
To: <bugtraq@...urityfocus.com>
Subject: Re: what we REALLY learned from WMF
> What we really learn from this all WMF "thingie", is that when Microsoft
> wants to, it can.
>
> Microsoft released the WMF patch ahead of schedule
> ( http://blogs.securiteam.com/index.php/archives/181 )
>
> Yep, THEY released the PATCH ahead of schedule.
>
> What does that teach us?
"We?" "Us?" Just who are you referring to? A vulnerability was
discovered, they researched it, created and tested a patch (like they always
do) and issued it. Done. Move on, please. There is nothing to learn here,
other than the fact that everyone and their brother came out of the woodwork
saying that the world was going to end and spreading mis-information. I
believe even *you* posted erroneous information. Nice.
First everyone bitches about how bad Microsoft security is, how they don't
"get it" and how they don't care. Then, when they issue a patch
out-of-cycle, we hear pompous comments like "See! I told you so! They can
do it if they want to, so they should do EVERYTHING like this!!" They
handled it the right way, and still, they get criticism. Great.
> Maybe it's just that we are used to sluggishness. Perhaps it is time we,
> as users and clients, started DEMANDING of Microsoft to push things up a
> notch.
Oh, that's rich. Let's see-- wasn't it YOU that said to Dave Litchfield
regarding Oracle:
<snip>
> That is your choice.. although I personally believe you are being very
> extreme in your take on how alone Oracle is.
>
> It's not that I disagree with their behavior being questionable, I
> honestly believe a survey of how all vendors do where the s**t floats to
> the top without singling out the Bad but rather the Good, would work
> better.
</snip>
So, it's OK for Oracle to have the worst security (both in product and in
attitude) of any vendor on the face of the planet, and to take the "Oh,
let's not pick on them by singling them out" mindset, but now you are
DEMANDING that every patch be treated like the WMF patch just because YOU
said so?? Why are you singling out Microsoft here?
What about WINE? Where is your DEMAND that THEY patch immediately? Where
is the patch, anyway? Oh, there isn't one yet. Shouldn't you be ripping
them a new one? After all, WINE is still vulnerable to the WMF exploit.
> Put in the necessary resources, and release patches within days of first
> discovery. I'm willing to live with weeks and months in comparison to the
> year+ that we have seen sometimes. Naturally some problems take longer to
> fix, but you get my drift.
Oh, I totally get your drift. You are biased, and speak with a forked
tongue.
t