Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Microsoft's Binary Planting Clean-Up Mission

From: "ACROS Security Lists" <lists () acros si>
Date: Thu, 15 Sep 2011 23:33:36 +0200
Hi Thor,

Microsoft is maintaining a list of binary planting bugs they've fixed here:
http://technet.microsoft.com/en-us/security/advisory/2269637

You will find our name in some of these advisories.

Calling the above effort a "Binary Planting Clean-up Mission" was merely a benign
poetic exercise, and this is *not* an official name of any internal mission at
Microsoft to the best of my knowledge.

You can learn something about our interaction with Microsoft here:
http://blog.acrossecurity.com/2010/08/binary-planting-update-day-7.html

Cheers,
Mitja



-----Original Message-----
From: full-disclosure-bounces () lists grok org uk 
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf 
Of Thor (Hammer of God)
Sent: Thursday, September 15, 2011 10:59 PM
To: security () acrossecurity com; 'ChristianSciberras'
Cc: full-disclosure () lists grok org uk; bugtraq () securityfocus com
Subject: Re: [Full-disclosure] Microsoft's Binary Planting 
Clean-Up Mission

I'm curious.  Who is your contact at MSFT?  Who is it that 
has told you they have a "Binary Planting Clean-up Mission" 
and where do they mention you as having anything to do with it?

If you are going to claim MSFT's actions as substantive to 
your agenda, how about provide some details?

t  


-----Original Message-----
From: ACROS Security Lists [mailto:lists () acros si]
Sent: Thursday, September 15, 2011 1:41 PM
To: 'Christian Sciberras'
Cc: Thor (Hammer of God); full-disclosure () lists grok org uk;
bugtraq () securityfocus com
Subject: RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up 
Mission

Hey Chris,


I bet Microsoft actually like stating they just fixed yet another 
severe bug.
Zero-day fixing is big business, you know....even if "zero"
is past a few "days".


I don't think Microsoft gains much from being able to say 

they fixed 

yet another bug
- maybe if it were a bug they found internally and fixed 

proactively, 

but not like this. And I'm sure they'd rather be doing 

something else than fixing:

fixing a product costs a lot, and it generates no revenue.

Cheers,
Mitja


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: