Full Disclosure mailing list archives
RE: Microsoft and Security
From: "http-equiv () excite com" <1 () malware com>
Date: Fri, 25 Jun 2004 21:48:14 -0000
volunteer as an expert witness when the negligence lawsuits finally arise :) and you?

"Burnes, James" <james.burnes () gwl com> said:

One word, m-o-n-o-p-o-l-y

And what are you going to do about it, punk?

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of http-equiv () excite com
Sent: Friday, June 25, 2004 10:02 AM
To: bugtraq () securityfocus com
Cc: NTBugtraq () listserv ntbugtraq com; full-disclosure () lists netsys com
Subject: [Full-disclosure] Microsoft and Security

Where is Microsoft now "protecting their customers" as they love to bray? Should not someone in authority of this public company step forward and explain themselves at this time?

All of a sudden panic is being created across the WWW with "IIS Exploit Infecting Web Site Visitors With Malware", "Mysterious Attack Hits Web Servers", "Researchers warn of infectious Web sites" all stemming from all news accounts from an unpatched "problem" with Internet Explorer now two weeks old and counting, which in fact in reality stems from 10 months ago, that being the adodb.stream safe for scripting control with write capabilities.

What exactly is being done about this? Nothing. What does multiple billions of dollars buy you today. Nothing. However for $20 million you can almost fly to the moon.

Someone ought to step forward and explain what exactly is happening at this public company. The great "protector of their customers". One might even suggest that their entire "security" mandate be re-examined. What exactly do they consider a vulnerability? Something that suits them or something that's cost effective to fix. So what, a few people lose their identities, have a few dollars extracted from their bank accounts, have their home pages reset, we'll fix it when it suits us as we have to be on budget this quarter. The Big Boss says $40 billion isn't enough this year.

A vulnerability:

http://www.microsoft.com/technet/archive/community/columns/security/essays/vulnrbl.mspx

"A security vulnerability is a flaw in a product that makes it infeasible - even when using the product properly - to prevent an attacker from usurping privileges on the user's system, regulating its operation, compromising data on it, or assuming ungranted trust."

What is this gibberish? For the past 10 months the adodb.stream object is capable of writing files to the "all important customer's" computer. It has real world consequences. It rapes their computer. Does it fit into the gibberish custom definition. Plain and simple:

"A security vulnerability is a flaw in a product that makes it infeasible".

What kind of language is this. Reads like the financial department conjured it up.

Disabling scripting won't solve it. Putting sites in one of the myriad of "zones" won't solve it. Internet Explorer can trivially be fooled into operating in the less than secure so-called "intranet zone" and it can be guided there remotely.

What's happening here. Where is the Microsoft representative explaining all of this to the shareholders and "customers" they so dearly wish to protect. This is unacceptable. Someone must be held accountable.

--
http://www.malware.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Microsoft and Security http-equiv () excite com (Jun 25)
- Re: Microsoft and Security Brian Toovey (Jun 25)
- <Possible follow-ups>
- Microsoft and Security http-equiv () excite com (Jun 25)
- RE: Microsoft and Security Burnes, James (Jun 25)
- RE: Microsoft and Security http-equiv () excite com (Jun 25)
- Re: Microsoft and Security Georgi Guninski (Jun 26)
- RE: Microsoft and Security Drew Copley (Jun 25)
- Microsoft and Security http-equiv () excite com (Jun 25)
- RE: Microsoft and Security Burnes, James (Jun 28)
- Message not available
- RE: Microsoft and Security Nancy Kramer (Jun 28)
- Re: Microsoft and Security William Warren (Jun 28)
- Re: Microsoft and Security Ron DuFresne (Jun 29)
- Re: Microsoft and Security William Warren (Jun 29)
- Message not available
- Re: Microsoft and Security Steve Kudlak (Jun 29)
- RE: Microsoft and Security Mark Laurence (Jun 29)