lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: rms at computerbytesman.com (Richard M. Smith)
Subject: Bill Gates blames the victim

Hi,

I just saw this interview with Bill Gates in today's New York Times:

   Virus Aside, Gates Says Reliability Is Greater
   http://www.nytimes.com/2003/08/31/technology/31SMIC.html

Boy, talking about blaming the victim:

   [Gates] "The fact that these attacks are coming out and that 
   people's software is not up to date in a way that fully 
   prevents an attack on them is something we feel very bad about."

And ducking questions by blaming the victim:

   Q. "The buffer overrun flaw that made the Blaster worm 
   possible was specifically targeted in your code reviews 
   last year. Do you understand why the flaw that led to 
   Blaster escaped your detection?"

   A. "Understand there have actually been fixes for all of 
   these things before the attack took place. The challenge 
   is that we've got to get the fixes to be automatically 
   applied without our customers having to make a special effort."

Patching security holes is a poor substitute for avoiding them in the
first place.  If three guys in Poland can find a buffer overflow in DCOM
without access to Windows source code, why can't Microsoft?

Richard M. Smith
http://www.ComputerBytesMan.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ