Information Security News mailing list archives
Microsoft gets heavy with security firm
From: William Knowles <wk () C4I ORG>
Date: Sun, 10 Dec 2000 04:48:49 -0600
http://www.vnunet.com/News/1115255 By Linda Leung in Silicon Valley Dec 9th, 2000 Microsoft has told Security Focus, the US security company that manages the Bugtraq moderated security email list, that it can no longer publish the software giant's security alerts. The issue centres round Microsoft's recently redesigned security email alerts, which it distributes to registered subscribers and third party security mailing lists. The redesigned bulletins give only the barest details about new vulnerabilities and instead directs users to a page on Microsoft's website for the full text. Under the original email format, which included full text, Bugtraq was able to redistribute the alerts because Microsoft had sent them to Bugtraq. But in response to a Microsoft vulnerability email alert issued in the new format earlier this week, Bugtraq's moderator, Elias Levy, republished the full text which he downloaded from Microsoft's website. This solicited an angry response from Microsoft which told Levy that he did not have permission to redistribute the text, and that doing so would be considered an act of copyright violation. Ryan Russell, management information systems manager at Security Focus, explained that Levy decided not to approve alerts that do not provide full text and downloaded the information from Microsoft's website so that Bugtraq readers would get additional details. "Microsoft's new format is not as useful as the old format. You've got to launch a new browser to see the full text and it seems to work better when viewed on Internet Explorer than Netscape," said Russell. Other Bugtraq recipients have complained that the new format points users to one point of failure, and warned that emails addresses can be spoofed with links provided to a malicious site. Russell said Bugtraq would return to redistributing Microsoft alerts if the software giant goes back to the old format. Microsoft failed to comment. *==============================================================* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC ================================================================ C4I.org - Computer Security, & Intelligence - http://www.c4i.org *==============================================================* ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Microsoft gets heavy with security firm William Knowles (Dec 11)