[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <3F571E8C.11575.C0D62DB8@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Flaw in NetBIOS Could Lead to Information
Disclosure (824105)
Irwan Hadi <irwanhadi@...by.com> wrote:
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-034.asp
>
> Microsoft Security Bulletin MS03-034 Print
>
> Flaw in NetBIOS Could Lead to Information Disclosure (824105)
> Originally posted: September 03, 2003
<<snip ~15KB of MS copyrighted material>>
Several things:
1. Do you have MS' permission to repost these in their entirety?
According to MS' Terms of Use on their web site and clealry linked from
the page you c'n'p-ed that text from:
http://www.microsoft.com/info/cpyright.htm
...
PERSONAL AND NON-COMMERCIAL USE LIMITATION.
Unless otherwise specified, the Services are for your personal and
non-commercial use. You may not modify, copy, distribute, transmit,
display, perform, reproduce, publish, license, create derivative
works from, transfer, or sell any information, software, products or
services obtained from the Services.
2. People are already complaining about how slow the F-D list is. Do
you really think we need it bogged down by having to send umpteen
thousand copies of your 17KB message?
3. Were you aware that subscribing to MS' own lists for security
bulletin distribution is possible? Many people on this list likely
already do that so all you are doing is duplicating their mail load in
respect of this message.
4. Other lists already provide MS security bulletin summarizing
services. I received notifications and a summarized version of all
five of today's batch of MS security bulletins from NTBugtraq before I
received the first of your re-postings.
5. If you intend to keep up this "service", do you really think you
can provide the timeliness and perfect record of the automated MS list
or of Russ Cooper's automated summarizer? Personally, I expect the MS
list server (slow as it is -- I haven't received the first of these yet
and will probably not get the last until sometime on Saturday if recent
performance of that list, multipled by five, is anything to go by) and
Russ' automated summarizer to get notifications to much more reliably
(albeit slowly in MS' case) than you will be able to.
6. Many of us are _NOT_ on fast connections so your unnecessary
clogging of our download capacity with these postings is a real
piss-off.
In summary -- stop doing this!
If you really _must_ "help" with such announcements, please constrain
yourself to posting the URL and a _brief_ summary -- the affected s/w
list and the "Technical details" section down to, but not including,
the "Mitigating factors" sub-section should be sufficient for most folk
to decide whether they need to go look at the whole bulletin.
Regards,
Nick FitzGerald
Powered by blists - more mailing lists