lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <200403151002.i2FA2GP21489@netsys.com>
From: andrew at dev.bigfishinternet.co.uk (Andrew Aris)
Subject: Re: MS Security Response is a bunch of half-witted morons

Nick,

As much as I agree with you that this is someting of a blunder by
Microsoft's web design people and that it does give out an impression of a
bad attitude towards security rather than being a huge risk per-se (not
saying that there is no risk involved). In fact I agree with more or less
all the points you make that despite their recent efforts (and it has to be
said improvements) that they still have a very long way to go before they
are really on top of the security issue.

This section of the e-mail this section:

> > Contains confidential and/or proprietary information.
> 
> Wow!
> 
> Really?
> 
> What bits precisely?
> 
> No, seriously, I need to know so I can avoid ever using that 
> information in anything I may say, write or produce in 
> future.  After all, you went to the trouble of warning me, 
> therefore it would probably be negligent of me to not 
> ascertain precisely what it is that I should be careful to 
> not infringe against in the future...
> 
> > May not be copied or disseminated without express consent of The 
> > Goodyear Tire & Rubber Company
> 
> Sh*te -- I just did and without express consent from your employer.
> 
> And so did the admins of these mailing lists.  Do you really 
> think The Goodyear Tire & Rubber Company will mind?
> 
> Hmmmm -- thinking about it a bit harder, did _YOU_ have the 
> _express_ consent of The Goodyear Tire & Rubber Company to 
> post some of its "confidential and/or proprietary 
> information" to all these folk?  Seems an odd thing to do 
> with what you're claiming is ostensibly legally privileged 
> and limited information, even if you _did_ have express 
> consent to do it...
> 

Was it completely needed? We've all seen the standard legal stuff at the
bottom of e-mails form corporate addresses a thousand times before and we
all know that most of the e-mails that you see them on its not pertinent to
anyway so why pick now to deride someone about something that is probably
dictated by company policy?

Not big, not clever.

regards,

Andrew

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ