| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <008f01c36fca$b0b4ed30$550ffea9@rms> From: rms at computerbytesman.com (Richard M. Smith) Subject: Bill Gates blames the victim Hi, I just saw this interview with Bill Gates in today's New York Times: Virus Aside, Gates Says Reliability Is Greater http://www.nytimes.com/2003/08/31/technology/31SMIC.html Boy, talking about blaming the victim: [Gates] "The fact that these attacks are coming out and that people's software is not up to date in a way that fully prevents an attack on them is something we feel very bad about." And ducking questions by blaming the victim: Q. "The buffer overrun flaw that made the Blaster worm possible was specifically targeted in your code reviews last year. Do you understand why the flaw that led to Blaster escaped your detection?" A. "Understand there have actually been fixes for all of these things before the attack took place. The challenge is that we've got to get the fixes to be automatically applied without our customers having to make a special effort." Patching security holes is a poor substitute for avoiding them in the first place. If three guys in Poland can find a buffer overflow in DCOM without access to Windows source code, why can't Microsoft? Richard M. Smith http://www.ComputerBytesMan.com
Powered by blists - more mailing lists