lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200405151913.15140.james.bliss@comcast.net>
From: james.bliss at comcast.net (James Bliss)
Subject: New therad: sasser, costs, support etc alltogether

<snip>
> 1. MS is wrongdoing by releasing (and charging for use of) software that
> has bugs in it. Users of such software have losses in time/money by
> trying to keep up with applying pathches, or just by trying to keep the
> uptime high.
>
> 2. Admins are wrongdoing by not applying patches to the systems they
> maintain. There are losses tied to such misspractice, too.
>
> 3. Worm authors are wrongdoing by writing software that propagate
> through the networks by exploiting all of the above. Again, the losses
> occur in time/money spent to remove the worms from the systems affected.
>
> It is obvious that almost every legal system in the world treats #3 as
> crime, while #2 and #1 are broadly tolerated. ...
<snip>

My opinion, you have them ordered inappropriately.  The order of 
responsibility should be:
1)  Authors
2)  MS
3)  Admins

As to wrong doing:
1)  Absolutely
2)  Quite often.  Especially in light of the fact that their integrating so 
much into the OS to take over various product niches from competitiors has 
caused many of the bugs to more serious than they should hvae been.  Their 
products should be written in a more modular manner which would be easier 
to secure, but would also prevent them from forcing others out of product 
markets.
3)  In some cases yes, others no.  The most recent patch from MS was a 
disaster on some machines.  Although good admins should secure their 
networks better which would prevent a great deal of the problems.  And 
some admins are just lazy (or stupid) and should be fired and never hired 
as an admin again.



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ