-----Original Message-----
From: Scott Edwards <[EMAIL PROTECTED]>
To:
Date: Sat, 12 Mar 2005 22:45:39 -0700
Subject: Re: [Full-disclosure] Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more...

>
> On Sat, 12 Mar 2005 13:41:26 +0100, Tamas Feher <[EMAIL PROTECTED]> wrote:
> > http://www.reuters.com/newsArticle.jhtml?type=technologyNews&storyID=7876004&src=rss/technologyNews
> >
> > Microsoft to Offer Patches to U.S. Govt. First
> > by Reuters, 11 Mar 2005
> [snip]
> > Under a plan to take effect later this year, Microsoft will give the
> > U.S. Air Force versions of software "patches" to fix serious security
> > vulnerabilities up to a month before they are available to others,
> > the paper said.
> [snip]
>
> Isn't the real issue we're trying to address, is that the US Govt's
> advance knowledge of this information, does not serve the masses?
>
> My strongest opinion is to provide it for everyone at the same time.
> This advance notice has some indication that someone does not have the
> (wo)man power and action plan on how to handle these updates. Seems
> like whatever reason they have, is a complete cop-out (Feel free to
> enlighten me Uncle Sam, I honor thee, but why are thou so special?).
> Two words for Uncle Sam. "Cowboy up!". Sure MSFT says the updates
> will only be stalled to the public, "up to a month", but that could be
> any amount of time.
>
> And this whole nonsense of "black hats only find these holes from
> updates" is just that, nonsense. How many times have we seen a
> website turn a browser into a mushroom cloud? I mean, we've NEVER
> seen a program crash by visiting websites, right? Reproduce that, and
> you've got yourself the makings of an exploit. What if the next
> discovered hole is a worm writer? (I'm not meaning to suggest that
> internet/www are not the only "critical updates" of concern in this
> topic, but it's the easiest to illustrate)
>
> Thank you,
>
>
> Scott Edwards
> --
> Daxal Communications - http://www.daxal.com
> Surf the USA - http://www.surfthe.us
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://www.secunia.com/