http://www.theage.com.au/articles/2005/01/19/1106074829004.html By Online Staff January 19, 2005 Symantec's security website SecurityFocus, which runs the well-known Bugtraq vulnerability mailing list, has been forced to retract one of its columns [1] in which it claimed that only people who validated their copies of Windows online could download Microsoft's spyware beta. The column, by Mark D. Rasch, J.D., who is a former head of the Justice Department's computer crime unit, and now serves as Senior Vice President and Chief Security Counsel at Solutionary Inc., was posted on January 18. In the article, Rasch wrote: Early last month Microsoft announced that it would permit downloads of a beta version of its anti-spyware software from its website. However, users attempting to download the software are informed that "[t]his download is available to customers running genuine Microsoft Windows. Please click Continue to begin Windows validation." The website then uploads an executable file called "GenuineCheck.exe" to the users computer. However, in reality, users can click on the Continue button and proceed to a page where they have the choice of downloading the spyware beta after validating their copy of Windows or without going through the validation process. Today, an editor's note was seen on the article: "This column is in error. The download site for Microsoft's anti-virus software strongly encourages users to run the company's validation software, but does not require it. SecurityFocus apologizes (sic) for the mistake." SecurityFocus is owned by Symantec which, in 2002, purchased what was until then one of the most comprehensive databases of vulnerabilities available, for $US75 million. [1] http://securityfocus.com/columnists/292 _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Fri Jan 21 2005 - 01:45:22 PST