lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200503122004.j2CK4XvA012604@pop-9.dnv.wideopenwest.com>
From: mvp at joeware.net (joe)
Subject: Reuters: Microsoft to give holes info to
	UncleSam first - responsible vendor notification may not be a
	good idea anymore...

I can't seem to find where it indicates that the US government is in fact
the only government on the security beta... In fact I know of several
multi-national companies as well as some small businesses that are on this
program and have been on that program for a year or more. I expect there
very well could be other governments involved as well only MS doesn't
publish the names of everyone in the program, these companies I know about
are simply companies I have personally encountered and know they are
involved from discussions with them. Say a company like Walmart is the
program (I have no clue but would guess it is possible), are they involved
so they can hack into competitors servers? Doubtful.

You take some small news blurb and run all over the place assuming this that
and the other thing like chicken little without any real knowledge of what
the program actually is about, its requirements, nor its deliverables. You
are the kind of person that is bad for OSS (and probably IT In general) in
that you push the whole idea that OSS is more about being anti-MS than an
alternative valid and good solution. You make it harder, not easier, for
consultants to pitch OSS solutions to corporations because you push the idea
that people should use OSS because they don't want to use MS; not in
addition to. 

The flip side to this whole thing if they didn't have a program like this
could be you bitching about the quality of testing MS puts into the patching
process and that is why people should switch from using MS Products. This
program is a response to that previous issue of testing quality; not an
attempt to put secret info into the hands of the US government. If MS wanted
the US government to have details of the holes prior to everyone else, which
is what you are implying here, they could simply send them the details -
hell they would simply send them the compiled tool to do the hacking. 

Additionally, great large swathes of the US government, especially the
military branches, are simply trying to keep their heads above water with
their normal daily usage IT systems whether those systems are pc's,
mainframes, mini's, or supers. They don't have much time to be all black hat
like you seem to want to believe. 



 

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Raj Mathur
Sent: Saturday, March 12, 2005 1:11 PM
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Reuters: Microsoft to give holes info to
UncleSam first - responsible vendor notification may not be a good idea
anymore...


What you're saying would make sense if the US were the only country in the
world that uses MS products.  I know this may come as a surprise to many
people, but there are other places and Governments in the world too, and
they too use MS!

It shows complete irresponsibility on MS' part to favour one Government over
all others in disclosure and bug-fix policy.  IMNSHO one more reason for the
rest of the world to switch to non-proprietary products and solutions.

Regards,

- -- Raju
- -- 
Raj Mathur                raju@...dalaya.org      http://kandalaya.org/
       GPG: 78D4 FC67 367F 40E2 0DD5  0FEF C968 D0EF CC68 D17F
                      It is the mind that moves -----BEGIN PGP
SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ