On Sat, 12 Mar 2005 13:41:26 +0100, Tamas Feher <[EMAIL PROTECTED]> wrote: > http://www.reuters.com/newsArticle.jhtml?type=technologyNews&storyID=7 > 876004&src=rss/technologyNews > > Microsoft to Offer Patches to U.S. Govt. First > by Reuters, 11 Mar 2005 [snip] > Under a plan to take effect later this year, Microsoft will give the > U.S. Air Force versions of software "patches" to fix serious security > vulnerabilities up to a month before they are available to others, > the paper said. [snip]
Isn't the real issue we're trying to address, is that the US Govt's advance knowledge of this information, does not serve the masses? My strongest opinion is to provide it for everyone at the same time. This advance notice has some indication that someone does not have the (wo)man power and action plan on how to handle these updates. Seems like what ever reason they have, is a complete cop-out (Feel free to enlighten me Uncle Sam, I honor thee, but why are thou so special?). Two words for Uncle Sam. "Cowboy up!". Sure MSFT says the updates will only be stalled to the public, "up to a month", but that could be any amount of time. And this whole nonsense of "black hats only find these holes from updates" is just that, nonsense. How many times have we seen a website turn a browser into a mushroom cloud? I mean, we've NEVER seen a program crash by visiting websites, right? Reproduce that, and you've got yourself the makings of an exploit. What if the next discovered hole is a worm writer? (I'm not meaning to suggest that internet/www are not the only "critical updates" of concern in this topic, but it's the easiest to illustrate) Thank you, Scott Edwards -- Daxal Communications - http://www.daxal.com Surf the USA - http://www.surfthe.us _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://www.secunia.com/
