[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3F01725D.9050702@snosoft.com>
From: dotslash at snosoft.com (KF)
Subject: Microsoft Cries Wolf ( again )
>
>
>The solution to this problem lies in the hands of the vendors, *not* in the hands of the researchers.
>
*This is no lie... after a while one (researchers) simply gets tired of
bending over backwards
to get the vendor to listen. You get to a point where you simply don't
care sometimes...*
vendors are frustrating... they first act like they can't talk to you
unless you are
paying for support... then the don't understand what it is you are
trying to say...
then they claim that oh thats not a business critical issue we are gonna
sit on our
rump for 6 months and then maybe we will fix it.... IF you even make it
to that
point...
For examle I am waiting on a certain 3 letter company to get back to me
on a local root
exploit... I used their web based email form which claims a 24 hour
response time... its
now 5 days later and no response... that failed so I start the usual
blind emails to security@
support@ somebodyfirggenhelpme@ and no one responds... so then I call
their phone and
go through every friggin option in their PBX system.. still can't find
someone to help out...
"... security staff... what do you mean... I have never had someone ask
something like that"
me: you know... like I have a security issue with your product... you
need to fix it...
"thats interesting... I'll have to see what I can find... we never get
calls like this"
me: *sigh*
I have done my due dilligence... here in about 1 day the problem is 100%
theirs... I will give
the public the old chomd -s reccomendation and be done with it...
Someone in the .gov get us a vendor responsibility bill or something...
-KF
Powered by blists - more mailing lists