Re: [ISN] Microsoft upgrades IE flaw to critical after criticism

From: InfoSec News (isnat_private)
Date: Tue Dec 17 2002 - 03:22:52 PST

    Forwarded from: Russell Coker <russellat_private>
    
    On Mon, 16 Dec 2002 12:17, InfoSec News wrote:
    > Forwarded from: Mark A. Simos <MSimosat_private>
    > Cc: myemailaccountat_private
    >
    > The attacks on Microsoft's security are getting repetitious and
    > counter-productive. There are plenty of flaws in many open source
    > products that could be listed and lambasted on a list such as this.
    
    The security problems in Open Source programs are not hidden or down-played.  
    They are fixed as rapidly as possible.
    
    Also Open Source software is much easier to fix.
    "apt-get update ; apt-get dist-upgrade" is much easier than the process of 
    applying fixes for MS operating systems.
    
    > IMHO, the attacks have worked and should be put aside until it is
    > obvious they are needed again.
    
    What do you mean by this?  Are you referring to the fact that it is
    necessary to exploit security holes in commercial products to get the
    vendor to fix them?
    
    > The company shut down production for 2 months and forced every
    > developer to review every line of code.
    
    For that to be true they would need to be very inefficient programmers
    or very efficient auditors.
    
    Auditing code for security holes and fixing them is very difficult
    work.  I simply don't believe that they are capable of auditing all
    the code in that time.
    
    -- 
    http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
    http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
    http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
    http://www.coker.com.au/~russell/  My home page
    
    
    
    



    This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 13:12:32 PST