lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2936.203.33.133.31.1057192167.squirrel@d2.net.au>
From: andrewg at d2.net.au (andrewg@...net.au)
Subject: Microsoft Cries Wolf ( again )

>> About a year ago, I tripped over this issue. (I have since found out
>> it is a known bug - see http://www.sitepoint.com/print/1029). In an
>> effort to help MS, I spent hours of company time registering to
>> various bug reporting services on MS sites - and never found one that
>> would accept my bug report because IE is not a paid product. Not that
>> I wanted any support - I only wanted to help them out.
>
> How many semi serious issues exist where people just never bother to
> disclose them to the public and where the vendor decides to ignore the
> notification?
>
[snip]
> I told MS about this back on 0ct 10 2002 and even sent them exploit
> code, never even got a response, not even a "sorry we don't consider it
> a threat" note.
[snip

In some cases, people are threatened with lawsuits by companies, which is a
great way of getting people on your side, and making friends. (sarcasm, by
the way.)

Vendors/Companies bring it upon themselves 99.9% of the time the way people
act towards them. There are several companies I have no intention of ever
talking to again.

- andrewg



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ