Was Shawna McAlearney's assessment of Liu Die Yu's recent findings in M$ products correct in stating his inticement was:
<quote> Several weeks ago Chinese researcher Liu Die Yu posted several Internet Explorer flaws to the Full-Disclosure security mailing list. His reasoning: Microsoft hasn't given him credit for prior vulnerabilities he reported. </quote> Was this correct? I do not have all the original posts on hand, but, I do not recall any lament about M$ not giving him the recognition he felt was deserved for previous findings, though I may well have missed this. The reason I ask is, there has been a large shift in the security "lists/field/top dogs" in trying to avoid casting blame/responsibility at M$ for the products it has pushed into the market place, perhaps due to the deep pockets and breadth of market saturation, thus dependance of many upon the M$ pocketbook to feed the rest of the industry in one fashion or another. The critical articles of a year+ past seem to now, especially after the @stake recent actions, to be focused these days upon avoiding mentioning the shortcomings from redmond. Are others reading the same these days? Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html