Full Disclosure mailing list archives
RE: Microsoft confirms source code leak
From: Ron DuFresne <dufresne () winternet com>
Date: Fri, 13 Feb 2004 14:35:41 -0600 (CST)
On Fri, 13 Feb 2004, Bernie, CTA wrote:
On 13 Feb 2004 at 7:32, Edward W. Ray wrote:

"Does it not appear that the leak could have been done to ensure that M$ has a legal argument to abate liability in case they are sued?"

I think their EULA which you accept when installing covers their ass for just about anything.<<<

This may be true where a WIN OS based box is deployed in a commercial environment. However, I think their EULA is trumped by the new US Federal Regulations (HIPAA, DHS, CFR, etc) if Microsoft knew or should have known that their Win OS was going to be deployed in a solution that was designed to ensure the security (integrity, confidentiality, accessibility) of people, premises, critical infrastructure, systems, resources or data and knew or should have known that their Win OS had flaws/vulnerabilities which could be exploited to threaten such security and failed to disclose such flaws/vulnerabilities to the buyer.

At minimum, the new regulations require that all known Privacy/Security Risks be disclosed and safeguards, policies and procedures be put in place to mitigate these risks.

--

Yes, but, remember NT was<is?> c2 level certified <COUGH>. And the M$ stance is going to be that the systems were not properly admin'ed and locked down prior to the 'code leak'. But, one has to love how well security thru obscurity has worked for redmond all these years. Proprietary code has not really had any effect in well over 10+ years of the discovery, poc/info release, virus/trojan, patch-too-late cycle... okay who's been violating all those NDAs to help perpetuate this mess?

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart

***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html