Forwarded mail....

[Paul Rogers <airwofl () flumps org>]

I have to say, what is the point? Is this a hoax or not, because it
seems strange that it didn't go to Bugtraq or VulnWatch? If it isn't
then how is everyone that works with in IT supposed to know if this is
true and what conditions cause it to occur?

You are only pampering to the wants of the big boys (or gals) and you
will make life for IT staff employed by their own company to secure their
systems / networks impossible, which may lead to:

-> non-requirement for internal IT Security ppl
-> requirement for external security company
-> decrease in efficiency and understanding of the business risks
associated with security
-> possibly a lower level of security within organisations
-> bigger bank accounts for the big IT Security players only
-> which *could* lead to monopoly conditons

So we all sit here for 60 days vulnerable to "something" not knowing what
it is, what functionality the registry key mentioned offers users and
hence what functionality will be broken by the modification - really
useful for people who need to roll out security changes quickly.

Me two-penneth worth.

Cheers,

Paul Rogers,
Information Security Consultant.