[ISN] RE: [Full-Disclosure] Microsoft prepares security assault on Linux

From: InfoSec News (isn@private)
Date: Thu Nov 13 2003 - 05:59:15 PST


    Forwarded from: "Russ" <Russ.Cooper@private>
    To: <jasonc@private>, <support@private>
    Cc: "Helmut Hauser" <helmut.hauser@private>,
       <full-disclosure@private>, <bugtraq@private>,
       <isn@private>
    
    Jason said:
    
    > I wrote an information security book last year under contract with
    > Microsoft Press. The book was never published -- among other things
    > it explains truthfully the poor security condition of Windows and
    > offers detailed instructions and advice for defending against
    > Microsoft's bad business practices and incorrect security decisions.
    
    Because maybe a book isn't needed to describe what I describe in 3
    pages, 10 points, keystroke by keystroke, button click by button
    click, documentation. Assuming the requisite files are on hand, it
    takes less than an hour to "harden" an IIS box against all of this
    year's attacks, and the document was written 2 years ago.
    
    Fine, my 3 pages don't help "to educate developers of Web
    applications so that fewer new vulnerabilities would have been
    created.", but at least mine got published to our customers...;-]
    
    > Microsoft suppresses awareness of vulnerabilities in order to
    > profit.
    
    Funny how they've always encouraged me with NTBugtraq, that would seem
    to be at odds with your perception of their position. Funny how I once
    tried to convince them to bury a vulnerability patch in a service pack
    rather than release a security bulletin, and there was no way they
    would have it.
    
    The old adage, "You catch more flies with honey" seems to often be the
    opinion of publishers, one reason I've never written a book (no
    publisher wants to publish a book written the way I write...;-]) Since
    they're putting the money up, I have to assume they have good stats on
    the demographics of who will buy it and what the buyer expects. It's
    their audience, write it for yourself, publish it yourself (as you've
    done.) That they thought it wasn't going to be profitable (from a
    publishing perspective) doesn't necessarily mean Microsoft is trying
    to "suppress awareness of vulnerabilities", it could just mean they
    didn't think it would sell.
    
    Cheers,
    Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    


