[Politech] More on "If you use Windows, remember to patch your PC"

From: Declan McCullagh (declan@private)
Date: Wed Feb 18 2004 - 21:00:39 PST


    [I think these criticisms are well-taken. Politech isn't really a great 
    place to distribute info on The Embarrassing But Painfully Important 
    Microsoft Security Flaw Of The Day. There are better fora for that. But if 
    I do send out such an alert, I should include more info. Lesson learned! 
    --Declan]
    
    ---
    
    from: dan@private
    To: Declan McCullagh <declan@private>
    cc: dan@private
    Subject: Re: [Politech] If you use Microsoft Windows, remember to patch 
    your PC
    In-reply-to: Your message of "Thu, 12 Feb 2004 01:00:20 EST."
                  <6.0.0.22.2.20040212004238.02a67aa0@private>
    Date: Thu, 12 Feb 2004 10:53:20 -0500
    
    Don't you think that there is some irony in
     >   You must use Microsoft Explorer to install it.
    where the implication is that IE has an angle
    on local machine control that represents a level
    of tight integration with the operating system
    that is titularly in violation of the thrust of
    the antitrust matter and a working example of
    the monoculture risk?
    
    --dan
    
    ---
    
    Date: Thu, 12 Feb 2004 14:22:13 +0700
    From: emx <emxlists@private>
    To: Declan McCullagh <declan@private>
    CC: marc@private
    Subject: Re: [Politech] If you use Microsoft Windows, remember to patch your PC
    
    What's the point of this on politech?
    
    It is useless, inaccurate, vague and ... completely unrelated to politech
    topics
    
    if the author is referring to the latest vulnerability discovered by
    eEye and announced on public security mailing list Bugtraq yesterday,
    then yes, it's one more vulnerability - but they come at least once a
    month so what's the big news? it's just one more day in the computer
    security world.
    
    if people need computer security advice, they can refer to the
    appropriate forums. there is nothing more harmful than security
    advice delivered by people without security knowledge. would you take
    a particular prescription medicine if your pal who never studied
    medicine told you to do it?
    
    ---
    
    Date: Thu, 12 Feb 2004 10:57:21 -0500 (EST)
    From: Jim Huggins <jhuggins@private>
    To: Declan McCullagh <declan@private>
    Subject: Re: [Politech] If you use Microsoft Windows, remember to patch your
      PC
    
    Let me say right off the bat that this is a legitimate warning, and I'm
    sure that Marc Perkel is an honorable, knowledgeable person.  (I've never
    met Marc, of course, but I have no reason to doubt that.)
    
    Still, I noticed in myself over the last week as I was patching my systems
    a certain apathy in my attitude towards the patch.  Sure, every major
    media outlet (not to mention all of my mailing lists) seems to be warning
    me to patch my systems.  But I've heard this warning *so many times* that
    my reaction now is more along the lines of "yeah, yeah, heard it all
    before, stupid MS-Windows patch, I'll do it when I darn well feel like
    it".  Microsoft has cried "Patch Me!" so many times that I feel a little
    like the villagers listening to the boy crying "Wolf!", wondering when I
    should really care and when I shouldn't.
    
    I wonder if anyone else is feeling that same level of apathy developing,
    or seeing it develop in others.
    
    I also wonder about the nature of our warnings.  While I can understand
    the desire to explain the problems in a non-technical manner, I fear we
    can go too far in that regard.  For example, Marc said in his message:
    
             > Virus Warning for Windows Users - Very Serious
    
             > Microsoft has yet another very serious security flaw that gives
             > anyone with the right know how total access to your computer. I
             > don't know all the details - but it might be the biggest one
             > yet. If you remember the SoBig and Code Red viruses last fall -
             > this one will be similar
    
    My first reaction on seeing this was to say "gee, yet another urban legend
    ... unverifiable source, no details, vague threats of harm, requests to
    post as many places as possible."  I've spent a lot of time educating my
    friends on the nature of urban legends ... I'd hate for them to start
    ignoring legitimate warnings because they look like urban legends.
    
    Just my $.02.
    
    --Jim Huggins
    
    ---
    
    Date: Fri, 13 Feb 2004 22:35:52 -0500 (EST)
    Subject: Re: [Politech] If you use Microsoft Windows,
           remember to patch your PC
    From: "White, Matt" <mattw@private>
    To: "Declan McCullagh" <declan@private>
    Reply-To: mattw@private
    
    This type of non-substantive "virus" warning is not useful and will only
    cause confusion.  There is no "virus" at this time; a security hole was
    discovered and patched, that is all.
    
    I enjoy the privacy/technology news that you pull together in Politech but
    this type of warning is not helpful or needed.  There isn't even a link to
    Microsoft's security bulletin or a notice from SecurityFocus.
    
    Matt
    
    ---
    
    Date: Fri, 13 Feb 2004 02:11:47 +0100
    From: chefren <chefren@private>
    To: Declan McCullagh <declan@private>
    Subject: Re: [Politech] If you use Microsoft Windows, remember to patch your
    
    
    On 02/12/04 07:00, Declan McCullagh wrote:
    >---
    >Date: Wed, 11 Feb 2004 10:02:29 -0800
    >From: Marc Perkel <marc@private>
    >To: Declan McCullagh <declan@private>
    >Subject: Yet another Microsoft Security Flaw
    
    "Relax" there are numerous flaws, not just one.
    
    http://www.eeye.com/html/Research/Upcoming/index.html
    
    That's just one list of one company, look with Google for "Cuartango" or 
    "Guninski" or combinations with eEye to find others.
    
    Please stop thinking and publishing about patching your MS OS and buying
    clueless anti-virus stuff that by default is too late for serious
    threats that =exist=.
    
    With MS software you prove every day again and again that you don't take
    the data on your computer as wired to the Internet seriously. Data sent to
    you by friends and business relations fully exposed by you to any bad guy 
    who really wants it.
    
    +++chefren
    
    ---
    
    Date: Thu, 12 Feb 2004 07:08:15 -0600
    From: Jim Smilanich <jsmilan@private>
    Reply-To: jsmilan@private
    Subject: [Fwd: [Politech] If you use Microsoft Windows, remember to patch
      your PC]
    Content-Type: multipart/mixed;
    
    
    All;
    
    Here is the link to the original report for this particular bug for those 
    of you who aren't as anal as I am about following security announcements.
    http://www.eeye.com/html/Research/Advisories/AD20040210.html
    
    Note that the security company reported the problem over 6 MONTHS ago.
    Worse, this particular bug is a trivial one to test for and patch.  In the 
    opinion of one well respected computer security researcher, Microsoft was 
    "inexcusably negligent" in taking so long to repair the problem.
    
    This one will be trivial for the hackers to exploit.  We will see exploits 
    in the wild very quickly.  Please visit
    
    http://windowsupdate.microsoft.com
    
    and update the Critical patches as soon as possible.
    
    
    Thanks,
    
    Jim
    
    
    _______________________________________________
    Politech mailing list
    Archived at http://www.politechbot.com/
    Moderated by Declan McCullagh (http://www.mccullagh.org/)
    



    This archive was generated by hypermail 2b30 : Wed Feb 18 2004 - 22:06:30 PST