This guy is now an honorary member of the Open Source Ankle Biters club. And calling MS Security Response a "bunch of half-witted morons" is an insult to morons everywhere. We have our pride, you know.

--- Brad Bendily <[EMAIL PROTECTED]> wrote:
> I don't know if anyone reads bugtraq, but I thought this was an interesting post nonetheless.
>
> --
> Brad Bendily - CNA
>
> ---------- Forwarded message ----------
> Date: Fri, 12 Mar 2004 13:57:54 +1300
> From: Nick FitzGerald <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED],
>     [EMAIL PROTECTED],
>     [EMAIL PROTECTED]
> Subject: MS Security Response is a bunch of half-witted morons
>
> Try to read Microsoft's latest security epistles:
>
>    http://www.microsoft.com/technet/security/bulletin/ms04-009.mspx
>    http://www.microsoft.com/technet/security/bulletin/ms04-010.mspx
>
> with a browser that does not have JavaScript enabled...
>
> (And yes, they have retrofitted this "improvement" to _all_ previous security bulletins...)
>
> Earth to MSRP:
>
> 1. Your job is to improve security.
>
> 2. Two years ago Billy Boy charged the whole of the company to straighten up its act as regards security.
>
> 3. MS Security Bulletins were "improved" about 24-30 months ago by a web design team that clearly does not have an ounce of security smarts among its entire membership. That "improvement" (_purely_ aesthetic, and highly debatable anyway) made the bulletins unreadable in IE unless you are prepared to trust MS and its web presence providers (I'm not for various reasons -- the company as whole is just far too large and "attractive" a target; there have been some very bad whoops-es with Akamai and the Nimda virus; etc). Anyway, that "improvement" was the final straw that moved me to using Mozilla as my browser of choice, as it rendered that "improved" form of your pages fine, _and_ with scripting and the like disabled.
>
> 4. Now the Security Bulletins have been "improved" even further, turning the detail expansion links into frelling javascript links. What in the blue blazes is between the ears of your web development folk? Have they forgotten that the venerable HREF tag can work without scripting, ActiveX and all manner of other popular but unnecessary cr*p that web designers can't seem to ignore? When it comes to security bulletins, f*ck art -- give me _readable content_.
>
> Sheeeesh!!!
>
> A few weeks back some online magazine editor was asking for clear, reasoned arguments that "Microsoft just doesn't get security". Arguments be damned -- if you have two security clues you only have to look at MS' own security web pages to _see_ that "Microsoft just doesn't get security".
>
> TCI is clearly a media and PR circus.
>
> (In case the magazine editor and his conspirator still do not get the point of the above, Microsoft has no business dictating _my_ or _anyone else's_ security policies. This is as fundamental an aspect of security as there is. Posting its security bulletins in a format that requires their readers to set their browsers to a configuration that is acknowledged to be _severely security lowering_, while maintaining that it is doing everything possible to improve the security of its products, is the height of hypocrisy and clearly makes a lie of its public proclamations that it is working to further improve security.)
>
> --
> Nick FitzGerald
> Computer Virus Consulting Ltd.
> Ph/FAX: +64 3 3529854
>
> _______________________________________________
> General mailing list
> General@brlug.net
> http://brlug.net/mailman/listinfo/general_brlug.net

=====
John Hebert
Official BRLUG Linux Curmudgeon
Open Source Ankle Biter