Full Disclosure mailing list archives
Re: Re: Microsoft to give holes info to Uncle Samfirst
From: "Bruce Ediger" <eballen1 () qwest net>
Date: Sat, 12 Mar 2005 16:24:47 -0700 (MST)
On Sat, 12 Mar 2005, Feher Tamas wrote:
If Microsoft gives fixes info to Uncle Sam first, it gives USA the exploits first.
Note that this may have gone on for some time, and MSFT is not the only culpable vendor: Cambridge security researcher Ross Anderson says in his paper "Security in Open versus Closed Systems - The Dance of Boltzmann, Coase and Moore": --- The US government prefers vulnerabilities in some products to be reported to authority first, so that they can be exploited by law enforcement or intelligence agencies for a while. Vendors are only encouraged to ship patches once outsiders start exploiting the hole too. --- I found this paper at http://www.cl.cam.ac.uk/ftp/users/rja14/toulouse.pdf Anderson offers no support for the above statement in his paper. On a more anecdotal level, just after the 1988 Internet Worm, I participated in a discussion at a US defense contractor where a fellow with several clearances claimed that the NSA had dossiers on each operating system, and they knew all the holes in each of them, "Even in VMS". _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://www.secunia.com/
Current thread:
- Re: Re: Microsoft to give holes info to Uncle Samfirst Bruce Ediger (Mar 12)
- Re: Re: Microsoft to give holes info to Uncle Sam first Nick FitzGerald (Mar 12)
- Re: Re: Microsoft to give holes info to Uncle Sam first bkfsec (Mar 14)
- Re: Re: Microsoft to give holes info to Uncle Sam first Nick FitzGerald (Mar 12)