So, I am not really a "security minded person". Those people I usually simply bow to and hope that the patches come out fast enough that I can apply them and protect my system. But I do expect a certain amount of decorum in getting those patches. Usually it means going to some protected site and doing something reasonable.
A few minutes ago I get two email messages in rapid succession. One has the subject line "Current Update", the other has a subject line "Current Microsoft Critical Upgrade". Both propose to fix "all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities." Both letters delivered the patches directly, via email. Neither letter described a way that I could tell if the patch had been tampered with, or even if the patch had actually come from Microsoft. Each letter had a different file attached, with a different name. If they both fix "all known problems", why do I have two with different names, different lengths, etc. Now, I have no real problem in believing that these patches really did come from Microsoft, which actually makes the problem worse instead of better. Why would a major software company really believe that anyone who could say the word "secure" would apply this patch that came through the email this way? And if they believe that no real security person would, then why bother sending it? If they get Mom&Pop installing patches this way, what happens when the very first "spoofer" hits Mom&Pop with what looks like a patch from Microsoft? It just makes Microsoft look even more clueless. The really great part is that I don't have any Microsoft products anymore. I just stay on their mailing lists to see what other incredible things they do. md -- Jon "maddog" Hall Executive Director Linux(R) International email: [EMAIL PROTECTED] 80 Amherst St. Voice: +1.603.672.4557 Amherst, N.H. 03031-3032 U.S.A. WWW: http://www.li.org Board Member: Uniforum Association, USENIX Association (R)Linux is a registered trademark of Linus Torvalds in several countries. UNIX is a registered trademark of The Open Group in the US and other countries. _______________________________________________ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss