Date: Mon, 2 Apr 2007 16:53:32 -0700
From: "James Matthews" <nytrokiss@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Why Microsoft should make windows open source

Hi Everyone

(This can also be an open letter to Microsoft)

Recently I have seen a blog post of Microsoft's security team! What I have
found disturbs me even more than when we find these 0days! This is what they
write!

I'm sure one question in people's minds is how we're able to release an
update for this issue so quickly. I mentioned on Friday
<http://blogs.technet.com/msrc/archive/2007/03/30/update-on-microsoft-security-advisory-935423.aspx#Vulnerability>
that this issue was first brought to us in late December 2006 and we've been
working on our investigation and a security update since then. This update
was previously scheduled for release as part of the April monthly release on
April 10, 2007.

Are you telling me that this hole was around for just about 4 months and
they did nothing about it? I am not wondering why it took them so long to
come out with this patch not why they are putting out so early! Also when
they were told about this vulnerability they should have fixed it right away
as we have seen with the OpenBSD ICMP IP 6 hole! Core Security told them
about it; LESS THAN A WEEK LATER THERE WAS A PATCH.

So we ask why? Why does it take so long to put out a patch?

Due to the increased risk to customers from these latest attacks, we were
able to expedite our testing to ensure an update is ready for broad
distribution sooner than April 10.

Really? Then please explain this paragraph:

*Disclaimer:*

The information provided in this advisory is provided "as is" without
warranty of any kind. Microsoft disclaims all warranties, either express or
implied, including the warranties of merchantability and fitness for a
particular purpose. In no event shall Microsoft Corporation or its suppliers
be liable for any damages whatsoever including direct, indirect, incidental,
consequential, loss of business profits or special damages, even if
Microsoft Corporation or its suppliers have been advised of the possibility
of such damages. Some states do not allow the exclusion or limitation of
liability for consequential or incidental damages so the foregoing
limitation may not apply.

Links:
http://blogs.technet.com/msrc/archive/2007/04/01/latest-on-security-update-for-microsoft-security-advisory-935423.aspx
http://www.microsoft.com/technet/security/advisory/935423.mspx


I can go on and on but you all get the point!

James

-- 
http://www.goldwatches.com/watches.asp?Brand=39
http://www.wazoozle.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/