Full Disclosure mailing list archives
Re: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more...
From: Scott Edwards <supadupa () gmail com>
Date: Sat, 12 Mar 2005 22:45:39 -0700
On Sat, 12 Mar 2005 13:41:26 +0100, Tamas Feher <etomcat () freemail hu> wrote:
http://www.reuters.com/newsArticle.jhtml?type=technologyNews&storyID=7876004&src=rss/technologyNews
Microsoft to Offer Patches to U.S. Govt. First
by Reuters, 11 Mar 2005
[snip]
Under a plan to take effect later this year, Microsoft will give the U.S. Air Force versions of software "patches" to fix serious security vulnerabilities up to a month before they are available to others, the paper said.
[snip]

Isn't the real issue we're trying to address that the US Govt's advance knowledge of this information does not serve the masses?

My strongest opinion is to provide it for everyone at the same time. This advance notice has some indication that someone does not have the (wo)man power and action plan on how to handle these updates. Seems like whatever reason they have is a complete cop-out (Feel free to enlighten me Uncle Sam, I honor thee, but why are thou so special?). Two words for Uncle Sam. "Cowboy up!".

Sure MSFT says the updates will only be stalled to the public, "up to a month", but that could be any amount of time. And this whole nonsense of "black hats only find these holes from updates" is just that, nonsense.

How many times have we seen a website turn a browser into a mushroom cloud? I mean, we've NEVER seen a program crash by visiting websites, right? Reproduce that, and you've got yourself the makings of an exploit. What if the next discovered hole is a worm writer?

(I'm not meaning to suggest that internet/www are not the only "critical updates" of concern in this topic, but it's the easiest to illustrate)

Thank you,
Scott Edwards
--
Daxal Communications - http://www.daxal.com
Surf the USA - http://www.surfthe.us