| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ELEOLHOJFMBPBFCJHOCIIEIDDJAA.aditya.deshmukh@online.gateway.technolabs.net> From: aditya.deshmukh at online.gateway.technolabs.net (Aditya, ALD [Aditya Lalit Deshmukh]) Subject: InfoSec sleuths beware ... > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Nancy Kramer > Sent: Thursday, February 19, 2004 6:17 AM > To: Gregory A. Gilliss; full-disclosure@...ts.netsys.com > Subject: Re: [Full-Disclosure] InfoSec sleuths beware ... > > > What Gregory says makes a lot of sense. MS is trying to use free > labor to > improve their competitive advantage. The good thing about it is that MS > software will probably be more secure as a result for the > endusers and the > net community as a whole. maybe that would reduce the number of stupid viruses and other ma(i)lware that send out spam and pound out apache servers with tons of useless requests and fill out inboxs with spam as the people with real security background are working on the source code, ms should do its end users a favor and release all the source code for public review! guys be sure to send your bills to microsoft after your work of finding bugs bears some fruits.. security source code review does not come cheap and let ms know that ( p'robally they already know this ) -aditya > > Regards, > > Nancy Kramer > Webmaster http://www.americandreamcars.com > Free Color Picture Ads for Collector Cars > One of the Ten Best Places To Buy or Sell a Collector Car on the Web > > > > At 04:45 PM 2/18/2004, Gregory A. Gilliss wrote: > >Did I miss the thread or has no one yet postulated that the Microsoft > >source code subset was leaked intentionally in order to afford M$ the > >free services of hundreds or thousands of security researchers auditing > >their code for them? > > > >It is a known fact that Windows 2000 and XP are soon to be depreciated > >in favor of the next generation OS. W2K and WXP will be supported for > >another year or so afterwards. The new component probably will contain > >some of the current code set, so why not risk a couple of > serious exploits > >(like M$ cares) in favor of getting your code certified by the community > >for free? > > > >G > > > >On or about 2004.02.18 13:06:44 +0000, Blue Boar > (BlueBoar@...evco.com) said: > > > > > There are clear, admitted cases of reverse engineering by vulnerabiity > > > researchers, which are prohibited by EULA, and which MS has so far > > > declined to pursue. Why should this be different? MS afraid the EULA > > > restrictions wouldn't hold up? > > > >-- > >Gregory A. Gilliss, CISSP E-mail: > >greg@...liss.com > >Computer Security WWW: > >http://www.gilliss.com/greg/ > >PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 > B4 14 0E > >8C A3 > > > >_______________________________________________ > >Full-Disclosure - We believe in it. > >Charter: http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > ________________________________________________________________________ Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)
Powered by blists - more mailing lists