RE: [ISN] Microsoft upgrades IE flaw to critical after criticism

From: InfoSec News (isnat_private)
Date: Mon Dec 16 2002 - 03:17:56 PST

Next message: InfoSec News: "[ISN] Feds invoked national security to speed key Internet change"

Previous message: InfoSec News: "[ISN] Angry Kuwaiti hacker launches cyber attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Forwarded from: Mark A. Simos <MSimosat_private>
Cc: myemailaccountat_private

The attacks on Microsoft's security are getting repetitious and
counter-productive. There are plenty of flaws in many open source
products that could be listed and lambasted on a list such as this.

IMHO, the attacks have worked and should be put aside until it is
obvious they are needed again. The company shutdown production for 2
months and forced every developer to review every line of code. That
is a pretty serious commitment for a profit driven corporation. The
versions of the software most directly affected have not even been
released in production yet.

How would you motivate a large number of home-users to patch affected
systems? RedHat et al currently still have the mixed blessing of not
having a large install base of unmanaged home PCs. RedHat will face
the exact same problem if/when it gains marketshare in that area. then
what? do they remotely as redhat root account force people to patch?
do they coax, cajole and try to sell patching to end users?

Full Disclosure: I work for the evil empire, get over it.

FYI, I mean nothing special about redhat specifically, they are just
the most popular MS alternative in the US

At 04:52 AM 12/13/2002 -0600, InfoSec News wrote:
> Forwarded from: "Kuypers, Jimmy" <myemailaccountat_private>
>
> CMIIW, but didn't microsoft anounce to downplay alot of it's
> security warnings to less then "critical" because of the many
> critical patches real end-users could no longer distinquish wich
> patches are truely critical (imo all are ofcourse) and then the
> end-users wouldn't download any of them... This was also called the
> "boy who cried wolf" effect....
>
> Leme see, yes a quote :
> "The Redmond-based software giant also plans to limit the "critical"
> rating on security alerts to customers because of fears that too
> many high-level alerts were being issued. Instead of issuing a
> "critical" rating on vulnerability warnings, Microsoft has modified
> its Severity Rating Criteria to specify clearly which bugs needed to
> be addressed immediately.

[...]

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "[ISN] Feds invoked national security to speed key Internet change"
Previous message: InfoSec News: "[ISN] Angry Kuwaiti hacker launches cyber attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 18:57:28 PST