Re: Class-action suit points to Microsoft security flaws

["Paul J. Morris" <mole () morris net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 2 Oct 2003 15:47:26 -0400
"Richard M. Smith" <rms () computerbytesman com> wrote:
> Class-action suit points to Microsoft security flaws
> http://news.com.com/2100-1009-5085730.html 
> The lawsuit, filed Tuesday in Los Angeles Superior Court,
> also claims that Microsoft's security warnings are too complex to be
> understood by the general public and serve instead to 
> tip off "fast-moving" hackers on how to exploit flaws in its operating
> system.
   Rather disturbing.  Much as I approve of the rest of the complaint,
it sounds like amicus curiae briefs from the security community are
needed in support of Microsoft on this particular issue.  I find
Microsoft security warnings to usually be not detailed enough and
generaly rely on the rest of the security community for workarounds and
information and tools to verify whether Microsoft's patches have
actually resolved a problem.  This list is indeed based on the principle
that full disclosure of the details of vulnerabilities is fundamental to
maintaining secure systems. 
- -Paul
- -------------
Paul J. Morris  mole () morris net
Biodiversity Information Manager, The Academy of Natural Sciences
1900 Ben Franklin Parkway, Philadelphia PA, 19103, USA
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/fab+eqkk3tLUswERAqOpAJ0fl41FF2/M36+jXx6Q4kT1w67YMQCghhGC
pV4NIfpuETQ8JfLAq0ipKBo=
=PsWF
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html