Re: Re: MS04-025 - Ignorance is truly bliss....

[George Capehart <capegeo () opengroup org>]

On Thursday 05 August 2004 18:49, hellNbak allegedly wrote:
> On Thu, 5 Aug 2004 someone pretending to have a nmrc email addy  
wrote:

<snip>

> The only mistake you make above is that you paint the entire industry
> with the same brush.  Yes, I and a lot of people make money in this
> industry. We took a hobby and made it a job -- why not?  Why not get
> paid for something you enjoy.  Working in this industry does not
> automatically make you a false profit as you explain above.
>
> Over the long term -- no one will benifet -- and I dont care how big
> the paycheck is -- telling a client what they want to hear is not the
> way many of us choose to make a living.  Sure, there are a lot of
> people in EVERY industry that are willing to push ethics aside and do
> what it takes for that paycheck but I know I can look myself in the
> mirror and say that I am not one of those people.
>
> Eventually the false prophets are exposed, sure they already got
> their paycheck and have moved on to the next sucker but eventually
> they run out of suckers and money.
>
> > What do you hope to achieve, or how do you believe your opinion is
> > being relevant or novel, if you come to this audience, and state
> > that CERT is no longer credible, and is a bunch of crooks who live
> > off selling advance vulnerability warnings? Or that Microsoft is
> > not exactly particularly devoted to improving security of their
> > products and protecting their customers?
>
> I hoped to stir some shit up, perhaps give the guys over at
> secure () microsoft com a bit of a kick in the nuts as there was a time
> that they were making at least a little progress.  I was hoping to
> draw enough attention to this issue that perhaps someone from one of
> the major banks will one day sit down and correlate the connection
> between vulnerabilities such as this and losses due to fraud.  The
> only way that any vendor is going to be forced to actually care about
> security and actually care about users is when those users mean lots
> of $$$ to them.

There just might be some hope . . . check out this white paper from PWC 
on "Integrity-Driven Performance."
http://www.cfodirect.com/cfopublic.nsf/f19696b6432afb8b8525690a000c9f67/86a39deb761f514d85256e3f00641442/$FILE/PWC_GRC_WP.pdf

(URL might wrap).  You can get it from Google if you search on 
pwc_grc_wp.pdf . . .

Cheers,

/g

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html