Full Disclosure mailing list archives
Re: Class-action suit points to Microsoft security flaws
From: "Paul J. Morris" <mole () morris net>
Date: Fri, 3 Oct 2003 12:44:21 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 2 Oct 2003 15:47:26 -0400 "Richard M. Smith" <rms () computerbytesman com> wrote:
Class-action suit points to Microsoft security flaws http://news.com.com/2100-1009-5085730.html The lawsuit, filed Tuesday in Los Angeles Superior Court, also claims that Microsoft's security warnings are too complex to be understood by the general public and serve instead to tip off "fast-moving" hackers on how to exploit flaws in its operating system.
Rather disturbing. Much as I approve of the rest of the complaint, it sounds like amicus curiae briefs from the security community are needed in support of Microsoft on this particular issue. I find Microsoft security warnings to usually be not detailed enough and generaly rely on the rest of the security community for workarounds and information and tools to verify whether Microsoft's patches have actually resolved a problem. This list is indeed based on the principle that full disclosure of the details of vulnerabilities is fundamental to maintaining secure systems. - -Paul - ------------- Paul J. Morris mole () morris net Biodiversity Information Manager, The Academy of Natural Sciences 1900 Ben Franklin Parkway, Philadelphia PA, 19103, USA -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE/fab+eqkk3tLUswERAqOpAJ0fl41FF2/M36+jXx6Q4kT1w67YMQCghhGC pV4NIfpuETQ8JfLAq0ipKBo= =PsWF -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Class-action suit points to Microsoft security flaws Richard M. Smith (Oct 02)
- Re: Class-action suit points to Microsoft security flaws V.O. (Oct 02)
- Re: Class-action suit points to Microsoft security flaws Paul J. Morris (Oct 03)