[NCLUG] It's not our problem!
Sean Reifschneider
jafo at tummy.com
Tue Oct 16 13:57:54 MDT 2001
Here's an article in which Microsoft is condemning people who release
information on exploits:
http://www.newsbytes.com/news/01/171173.html
My favorite quote is:
Microsoft's editorial is aimed squarely at Eeye Digital Security, the
security software firm that discovered the bug in Microsoft's IIS
Webserver that was exploited by Code Red a month later.
Apparently, Microsoft believes that a month to address a severe security
flaw in their products is just not enough time. Based on experiences with
many vendors not responding until there's public outcry, I don't think that
holding the report back would have helped. For example, the fact that the
Cisco 675s locked up when given a URL with a "?" in it was reported
nearly a year before it took down so many networks because of Code Red.
This is clearly, IMHO, a case of Microsoft trying to distract people from
the real issues.
Sean
--
There are things that are so serious that you can only joke about them.
-- Heisenberg
Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python