lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <3F0878F9.6000002@yahoo.com>
From: gandalf94305 at yahoo.com (gandalf94305)
Subject: Microsoft Cries Wolf ( again )

Normally, if there is a bug with some commercial software, you report it 
to the vendor. If there is a bug in some community-supported software, 
you report it to the appropriate forum or mailing list. Hmm... if you 
have reason to suspect that the vendor will do nothing about your report 
and in fact even refrain from publishing its existence, going public is 
a plausible way of putting some extra pressure on that company.

Microsoft has never been known for either being innovative or being 
responsive to customer problems. In fact, with every new release of 
operating systems or office suites, major parts are rewritten, leading 
to a high probability of a whole range of new bugs. Buffer overflows are 
quite common problems and could be avoided (because you know exactly 
where they are likely to happen) by the software developers... The same 
holds for many security issues (e.g., default settings of Outlook, 
Internet Exploder and others). However, the past clearly indicated that 
no major attempt has been made to make Outlook more secure (pardon me, 
secure... "more" implies there is already security :-)), make the usage 
of IE as an Internet browser less problematic, and keep spyware out of 
the operating system (in fact, Microsoft itself includes such).

Therefore, while with most software I would recommend going the 
"standard" way as mentioned at the beginning of my posting, I do 
recommend going public with security flaws and bugs in Windows-related 
products because otherwise Microsoft won't respond in a reasonable 
fashion. I would claim that many bugs are known but do not get fixed 
until somebody complains. People just live with the deficiencies because 
it is easier than to keep sending messages to Microsoft support and get 
no replies.

Cheers,
--gandalf.

"In a world without walls and fences, who needs windows and gates?"

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ