[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <BAE1ACA0.15621%adf@code511.com>
From: adf at code511.com (adf--at--Code511.com)
Subject: Hotmail & Passport (.NET Accounts)
>> Is it me or ms never credit vulnerabilities according to
>> http://www.microsoft.com/security/passport_issue.asp "a report was
>> published detailing a security vulnerability(...)"? No more details or
>> credit.
>
> And they should because...? If you ask me, doing this for "fame and
> fortune" is really against what i would call traditional hacker ethic.
That was just a simple question. AFAIK they DO for some vunerabilities: do
you remember IIS issue (MS99-047) discovered by eeye years ago? Well the
Acknowledgments display credit. Same for most of the latest security bultins
as displayed http://www.microsoft.com/technet/security/: MS03-015 etc...
The question is not fame or whatever you call it, just a question about
selective Acknowledgments from ms.
My 2 cents,
Deepquest
"Ubi solitudinem faciunt, pacem appelant"
Powered by blists - more mailing lists