Open Source and information security mailing list archives
 
Message-ID: <86hduk1bx3.fsf@blue.stonehenge.com>
From: merlyn at stonehenge.com (Randal L. Schwartz)
Subject: Support the Sasser-author fund started

>>>>> "Ron" == Ron Jackson <ISSecurity@...enet.org> writes:


Ron>    The biggest question I have is why all the hostility at
Ron>    Microsoft for patching their system?  There are plenty of
Ron>    holes still in the system that warrant your wrath.  When I see
Ron>    a worm that comes out before Microsoft patches, I'll be all
Ron>    over Microsoft just as the rest of you "Microsoft can do no
Ron>    right" doomsayers.

Well, in one corner, we have Microsoft, with billeeeunnss of dollars,
having to release patches in the first place, and based on past
experience will likely have more holes and more patches to deal with.

In the other corner, we have OpenBSD, on a shoestring budget, with only
one remote hole in the past seven years since its debut, and a comparably
complex and functional operating system.

So why is it, with Microsoft and all of their billeeeunnss of dollars,
that they wouldn't spend at least SOME MORE of that BEFORE they
release their code?  OpenBSD manages a decent security review and a
right mindset towards security on the annual amount of money that Bill
Gates makes every time he takes a dump.

This is what irks me about Microsoft.  It's irresponsible.
Continuously and apparently knowingly. Does that justify actual
malicious acts?  No.  The Sasser Worm guy deserves punishment.  But
when I spend hours and days trying to defend my paid-for bandwidth
from the incoming onslaught of Microsoft-enabled worm mail, I've got
to think that I'm due some payment for damages, both from the worm
writers, *and* from Microsoft.  If this were indeed a fair world.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@...nehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

