lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: jasonc at science.org (Jason Coombs)
Subject: Microsoft prepares security assault on Linux

Aloha, Russ!

Honey attracts ants, and they're much harder to get rid of than are
flies. Ants also set into motion that whole food web thing, bringing in
larger and larger pests over time.

You should allocate a few more CPU cycles to understanding the real
reason that Microsoft has been nice to you over the years. They want
something in return. They allow you your little tantrums now and then
because they really don't have any effect on their bottom line, and
remember the old adage "there's no such thing as negative publicity."

Microsoft needs you to keep churning out Microsoft-brand information.
The more times Microsoft's products are mentioned, the better. You're
part of the media and from what I can tell that's how they've always
perceived you -- have they ever perceived you as a developer/book
author/technical writer/purchasing agent/distributor/business
partner/other for-profit commercial entity?

I'm amazed at the degree and scope of thought control that Microsoft has
succeeded in creating. Certain tried, tested, and proven thought
processes from the information security field are killed as soon as they
appear, even outside Microsoft, because they pose real threats to the
viability of a company in denial. It is no different from any substance
abusing/alcoholic family with the pink elephant in the living room.

Sincerely,

Jason

Russ wrote:

> Jason said;
> 
> 
>>I wrote an information security book last year under contract with 
>>Microsoft Press. The book was never published -- among other things it 
>>explains truthfully the poor security condition of Windows and offers 
>>detailed instructions and advice for defending against Microsoft's bad 
>>business practices and incorrect security decisions.
> 
> 
> Because maybe a book isn't needed to describe what I describe in 3 pages, 10 points, keystroke by keystroke, button click by button click, documentation. Assuming the requisite files are on hand, it takes less than an hour to "harden" an IIS box against all of this years attacks, and the document was written 2 years ago.
> 
> Fine, my 3 pages doesn't help "to educate developers of Web applications so that fewer new vulnerabilities would have been created.", but at least mine got published to our customers...;-]
> 
> 
>>Microsoft suppresses awareness of vulnerabilities in order to profit.
> 
> 
> Funny how they've always encouraged me with NTBugtraq, that would seem to be at odds with your perception of their position. Funny how I once tried to convince them to bury a vulnerability patch in a service pack rather than release a security bulletin, and there was no way they would have it.
> 
> The old adage, "You catch more flies with honey" seems to often be the opinion of publishers, one reason I've never written a book (no publisher wants to publish a book written the way I write...;-]) Since they're putting the money up, I have to assume they have good stats on the demographics of who will buy it and what the buyer expects. Its their audience, write it for yourself, publish it yourself (as you've done.) That they thought it wasn't going to be profitable (from a publishing perspective) doesn't necessarily mean Microsoft is trying to "suppress awareness of vulnerabilities", it could just mean they didn't think it would sell.
> 
> Cheers,
> Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
> 





Powered by blists - more mailing lists