Re: Microsoft issues out-of-band patch

["Michael Krymson" <krymson () gmail com>]

1) Are you running low on meds this late in the month? If so, do we need to
start a collection so you can afford them in time before you subject us with
further ranting, raving, and lunacy? Actually, I wouldn't mind ranting,
raving, and lunacy if it came from someone who wasn't also stupid and
completely oblivious to their own plight...

2) Further comments are inline although I expect you won't bother to
adequetely address them, ever.

On Fri, Dec 19, 2008 at 8:50 AM, n3td3v <xploitable () gmail com> wrote:

> "The software giant rushed out a fix for the security issue in eight
> days, following its discovery that online criminals were using the
> flaw to attack Internet users."
>
> http://www.securityfocus.com/brief/873
>
> This is because they usually hold back disclosure and patch release so
> the intelligence services can backdoor criminal and terrorist pc's.


Do you have anything to back this claim?


> We're not saying Microsoft has never been capable to release a patch
> in eight days, we're saying there is an agreement with the government
> not to, unless a flaw is publicly known and is affecting the
> internet-at-large.


Do you have anything to back this claim?


> There are a ton of zero-day that Microsoft and the government know
> about and are used for intelligence purposes, they are kept secret
> unless the public know about it and the zero-day becomes a threat to
> the government.


Do you have anything to back this claim?


> Though the fact is this, MI5 have zero-day that not even Microsoft
> know about and not only this, MI5 have their systems patched against
> flaws that are not known about by other entities.


> What i'm saying is this: MI5's systems are patched against flaws that
> only they know about and their technicians have developed their own
> in-house patches for them.


 Fact? Now you're really needing to cite some sources or backing, otherwise
this is, in fact, not fact.

You are not technically inclined. You have said it yourself and have
demonstrated such for years on this list. So I'm not surprised you don't
understand patching and vulnerability research. Maybe they have their own
mitigations and workarounds, but that is a certainly different ballgame.


> If that isn't impressive I don't know what is.


The only thing impressive is how oblivious, delusional, and incompetent you
are.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/