lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200403150440.i2F4e0Qa028259@turing-police.cc.vt.edu>
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Re: MS Security Response is a bunch of half-witted morons 

On Fri, 12 Mar 2004 16:09:21 EST, jim_walsh@...dyear.com said:
> seems a little childish.  And if one was to argue that "Aanyone needs to 
> read these articles not just people that support M$ OS's", well to 
> that...most people that have a M$ OS as an end user have auto update 
> turned on and dont even think twice about it...if they update at all.

So - explain to me again why the fact that some users enable auto-update (which
actually is probably a good thing if the auto-updates don't break your system)
is justification for requiring poor security practices in order to read the
security bulletin?

If Microsoft *REALLY* cared about security, it would be possible to do this:

% (echo "GET url.of.bulletin HTTP/0.9"; echo) | telnet www.microsoft.com 80

and it would Just Work, and the results should be at least somewhat readable.
For those who don't think this is possible, go look at http://www.cert.org/
advisories/CA-2001-04.html and look at the HTML source - no scripting, and the
body text is quite clean and readable.

Instead, we have the same sort of "glitz and function rather than security"
mindset which *caused* the whole mess in the first place.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040314/0d6f8df5/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ