Re: MS rolls out security obscurity bribe program

[InfoSec News <isn () c4i org>]

Forwarded from: emerson <et () c4i org>

This is quite blantantly disgusting. I'm appalled that Microsoft would
even offer this faustian deal. For those not versed in english or high
german litrature, here is a little version of the Faust story, Thomas
Greene and others have desribed the deal as faustian and a recap of
the story is worth reading.

Abstracted from the Faust Chapbook of 1587

Johann Faustus was born in Roda in the province of Weimar, of
God-fearing parents.

Although he often lacked common sense and understanding, at an early
age he proved himself a scholar, mastering not only the Holy
Scriptures, but also the sciences of medicine, mathematics, astrology,
sorcery, prophesy, and necromancy. These pursuits aroused in him a
desire to commune with the Devil, so--having made the necessary evil
preparations--he repaired one night to a crossroads in the Spesser
Forest near Wittenberg. Between nine and ten o'clock he described
certain circles with his staff and thus conjured up the Devil.
Feigning anger at having been summoned against his will, the Devil
arrived in the midst of a great storm. After the winds and lightning
had subsided the Devil asked Dr. Faustus to reveal his will, to which
the scholar replied that he was willing to enter into a pact. The
Devil, for his part, would agree:

to serve Dr. Faustus for as long as he should live,

to provide Dr. Faustus with whatever information he might request, and

never to utter an untruth to Dr. Faustus.

The Devil agreed to these particulars, on the condition that 
Dr. Faustus would promise:

at the expiration of twenty-four years to surrender his body and soul
to the Devil,

to confirm the pact with a signature written in his own blood, and

to renounce his Christian faith.

Having reached an agreement, the pact was drawn up, and Dr. Faustus
formalized it with his own blood. Henceforth Dr. Faustus' life was
filled with comfort and luxury, but marked by excess and perversion.
Everything was within his grasp: elegant clothing, fine wines,
sumptuous food, beautiful women--even Helen of Troy and the concubines
from the Turkish sultan's harem. He became the most famous astrologer
in the land, for his horoscopes never failed. No longer limited by
earthly constraints, he traveled from the depths of hell to the most
distant stars. He amazed his students and fellow scholars with his
knowledge of heaven and earth.

However, for all his fame and fortune, Dr. Faustus could not revoke
the twenty-four year limit to the Devil's indenture. Finally
recognizing the folly of his ways, he grew ever more melancholy. He
bequeathed his worldly goods to his young apprentice, a student named
Christoph Wagner from the University of Wittenberg .

Shortly after midnight on the last day of the twenty-fourth year, the
students who had assembled at the home of the ailing Dr. Faustus heard
a great commotion. First came the sound of a ferocious storm and then
the shouts--first terrifyingly loud then ever weaker--from their
mentor. At daybreak they ventured into his room. Bloodstains were
everywhere. Bits of brain clung to the walls. Here they discovered an
eye, and there a few teeth. Outside they found the corpse, its members
still twitching, lying on a manure pile. 

His horrible death thus taught them the lesson that had escaped their
master during his lifetime: to hold fast to the ways of God, and to
reject the Devil and all his temptations.

One might care to take note of the things that microsoft has promised
to the people that sign this pact:

All the software you can eat (worldly goods)
Servants (MCSE at you beck and call)
Inner Truths (MSDN, Insider MS security info).

Of course it's unlikley that anyone is going to end up twitching on a
manure pile (hopefully). However it's true that the only poeple likely
to benefit by this are microsoft and the blackhat community, who not
being bound by any agreements of anykind, will quite happily research
and exploit everything in sight, while signatoires remain muzzled.
It's also worth noting, that Satan, didn't want an upfront payment,
whereas this will cost you money, as well as your soul.

Mr. Green Also raises an interesting point about professional
obligations to ISC2 and potentially other organisation, which have
injunctions against the concealment of information (Accountants and
Certified Audit professionals take note). Worse, it's not clear in the
event of a lawsuit, where liability would lie, should information be
supressed. Were I to sign I would be very worried about this, as it
may mean that I might be liable to the charge of negligence for
supressing information but be unable to pass on my liabilities to
Microsoft.

I think Satan is behind the times....

Emerson

InfoSec News wrote:

> http://www.theregister.co.uk/content/4/23366.html


--
Emerson
Freelance Thinker
et () c4i org
PGP key available on request




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.