Information Security News mailing list archives

Microsoft gets heavy with security firm


From: William Knowles <wk () C4I ORG>
Date: Sun, 10 Dec 2000 04:48:49 -0600

http://www.vnunet.com/News/1115255

By Linda Leung in Silicon Valley
Dec 9th, 2000

Microsoft has told Security Focus, the US security company that
manages the Bugtraq moderated security email list, that it can no
longer publish the software giant's security alerts.

The issue centres round Microsoft's recently redesigned security email
alerts, which it distributes to registered subscribers and third party
security mailing lists. The redesigned bulletins give only the barest
details about new vulnerabilities and instead direct users to a page
on Microsoft's website for the full text.

Under the original email format, which included full text, Bugtraq was
able to redistribute the alerts because Microsoft had sent them to
Bugtraq. But in response to a Microsoft vulnerability email alert
issued in the new format earlier this week, Bugtraq's moderator, Elias
Levy, republished the full text which he downloaded from Microsoft's
website.

This elicited an angry response from Microsoft, which told Levy that
he did not have permission to redistribute the text, and that doing so
would be considered an act of copyright violation.

Ryan Russell, management information systems manager at Security
Focus, explained that Levy decided not to approve alerts that do not
provide full text and downloaded the information from Microsoft's
website so that Bugtraq readers would get additional details.

"Microsoft's new format is not as useful as the old format. You've got
to launch a new browser to see the full text and it seems to work
better when viewed on Internet Explorer than Netscape," said Russell.

Other Bugtraq recipients have complained that the new format points
users to one point of failure, and warned that email addresses can be
spoofed with links provided to a malicious site.

Russell said Bugtraq would return to redistributing Microsoft alerts
if the software giant goes back to the old format.

Microsoft failed to comment.



*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com

