| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 04 Apr 2007 11:53:32 -0400 From: Simon Smith <simon@...soft.com> To: Troy Cregger <tcregger@...nedyinfo.com>, James Matthews <nytrokiss@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Why Microsoft should make windows open source I think that anyone who thinks that Microsoft is near an end is being unrealistic. I think that they are going to have to contend with the challenges imposed by open source operating systems and OSX, but they are a software giant. Also remember, Windows is not the only thing that Microsoft makes. They have their hands in a lot of different pots. On 4/4/07 11:23 AM, "Troy Cregger" <tcregger@...nedyinfo.com> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > M$ will never let us h4x0rz into their source (willingly) but I agree > with you James, the open source paradigm has regularly outpaced M$ and > many other large corporate software producers where it comes to > addressing bugs, security holes, and in many cases feature requests. > > I don't think too many people will agree with me on this but my feeling > (call it a hunch) has been that vista will be the beginning of the end > for M$. Already more and more "average users" (like my dad who knows > jack about computers) are installing, using, and liking Linux. > > I guess time will tell. As to this patch, or the time M$ takes to > release any patch... the word that comes to mind here is "typical". > After all, what can you expect from a company that is commonly referred > to as Micro$loth. > > - -tlc > > > James Matthews wrote: >> Hi Everyone >> >> (This can also be an open letter to Microsoft) >> >> Recently I have see a blog post of Microsoft's security team! What i >> have found disturbs me even more then when we find these 0days! This is >> what they write! >> >> I'm sure one question in people's minds is how we're able to release an >> update for this issue so quickly. I mentioned on Friday >> <http://blogs.technet.com/msrc/archive/2007/03/30/update-on-microsoft-securit >> y-advisory-935423.aspx#Vulnerability> >> that this issue was first brought to us in late December 2006 and we've >> been working on our investigation and a security update since then. This >> update was previously scheduled for release as part of the April monthly >> release on April 10, 2007. >> >> Are you telling me that this hole was around for just about 4 months and >> they did nothing about it? I am not wondering why it took them so long >> to come out with this patch not why they are putting out so early! Also >> when they were told about this vulnerability they should of fixed it >> right away as we have seen with the OpenBSD ICMP IP 6 hole! Core >> security told them about it LESS THEN A WEEK LATER THERE WAS A PATCH. >> >> So we ask why? Why does it take so long to put out a patch? >> >> Due to the increased risk to customers from these latest attacks, we >> were able to expedite our testing to ensure an update is ready for broad >> distribution sooner than April 10. >> >> Really? Then Please explain this paragraph >> >> *Disclaimer: * >> >> The information provided in this advisory is provided "as is" without >> warranty of any kind. Microsoft disclaims all warranties, either express >> or implied, including the warranties of merchantability and fitness for >> a particular purpose. In no event shall Microsoft Corporation or its >> suppliers be liable for any damages whatsoever including direct, >> indirect, incidental, consequential, loss of business profits or special >> damages, even if Microsoft Corporation or its suppliers have been >> advised of the possibility of such damages. Some states do not allow the >> exclusion or limitation of liability for consequential or incidental >> damages so the foregoing limitation may not apply. >> >> >> Links: >> http://blogs.technet.com/msrc/archive/2007/04/01/latest-on-security-update-fo >> r-microsoft-security-advisory-935423.aspx >> <http://blogs.technet.com/msrc/archive/2007/04/01/latest-on-security-update-f >> or-microsoft-security-advisory-935423.aspx> >> http://www.microsoft.com/technet/security/advisory/935423.mspx >> >> >> I can go on and on but you all get the point! >> >> James >> >> >> >> >> >> >> >> >> >> >> -- >> http://www.goldwatches.com/watches.asp?Brand=39 >> http://www.wazoozle.com >> >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.6 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFGE8LvnBEWLrrYRl8RArXpAJ4+jj+m+iIAXuYw7JOyjrWxS5NmhACfV5q/ > ql0ShSIP8lkYpFswZwOOb0k= > =Dsmb > -----END PGP SIGNATURE----- > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists