RE: [ISN] Microsoft upgrades IE flaw to critical after criticism

From: InfoSec News (isnat_private)
Date: Mon Dec 16 2002 - 03:17:56 PST

    Forwarded from: Mark A. Simos <MSimosat_private>
    Cc: myemailaccountat_private
    
    The attacks on Microsoft's security are getting repetitious and
    counter-productive. There are plenty of flaws in many open source
    products that could be listed and lambasted on a list such as this.
    
    IMHO, the attacks have worked and should be put aside until it is
    obvious they are needed again. The company shut down production for 2
    months and forced every developer to review every line of code. That
    is a pretty serious commitment for a profit-driven corporation. The
    versions of the software most directly affected have not even been
    released in production yet.
    
    How would you motivate a large number of home users to patch affected
    systems? RedHat et al. currently still have the mixed blessing of not
    having a large install base of unmanaged home PCs. RedHat will face
    the exact same problem if/when it gains market share in that area. Then
    what? Do they remotely, as the RedHat root account, force people to patch?
    Do they coax, cajole and try to sell patching to end users?
    
    Full Disclosure: I work for the evil empire, get over it.
    
    FYI, I mean nothing special about RedHat specifically; they are just
    the most popular MS alternative in the US.
    
    
    At 04:52 AM 12/13/2002 -0600, InfoSec News wrote:
    > Forwarded from: "Kuypers, Jimmy" <myemailaccountat_private>
    >
    > CMIIW, but didn't Microsoft announce to downplay a lot of its
    > security warnings to less than "critical" because of the many
    > critical patches real end-users could no longer distinguish which
    > patches are truly critical (imo all are of course) and then the
    > end-users wouldn't download any of them... This was also called the
    > "boy who cried wolf" effect....
    >
    > Lemme see, yes, a quote:
    > "The Redmond-based software giant also plans to limit the "critical"
    > rating on security alerts to customers because of fears that too
    > many high-level alerts were being issued. Instead of issuing a
    > "critical" rating on vulnerability warnings, Microsoft has modified
    > its Severity Rating Criteria to specify clearly which bugs needed to
    > be addressed immediately.
    
    [...]
    
    
    
    -
    ISN is currently hosted by Attrition.org
    