-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 M$ will never let us h4x0rz into their source (willingly) but I agree with you James, the open source paradigm has regularly outpaced M$ and many other large corporate software producers where it comes to addressing bugs, security holes, and in many cases feature requests.
I don't think too many people will agree with me on this but my feeling (call it a hunch) has been that vista will be the beginning of the end for M$. Already more and more "average users" (like my dad who knows jack about computers) are installing, using, and liking Linux. I guess time will tell. As to this patch, or the time M$ takes to release any patch... the word that comes to mind here is "typical". After all, what can you expect from a company that is commonly referred to as Micro$loth. - -tlc James Matthews wrote: > Hi Everyone > > (This can also be an open letter to Microsoft) > > Recently I have see a blog post of Microsoft's security team! What i > have found disturbs me even more then when we find these 0days! This is > what they write! > > I'm sure one question in people's minds is how we're able to release an > update for this issue so quickly. I mentioned on Friday > <http://blogs.technet.com/msrc/archive/2007/03/30/update-on-microsoft-security-advisory-935423.aspx#Vulnerability> > that this issue was first brought to us in late December 2006 and we've > been working on our investigation and a security update since then. This > update was previously scheduled for release as part of the April monthly > release on April 10, 2007. > > Are you telling me that this hole was around for just about 4 months and > they did nothing about it? I am not wondering why it took them so long > to come out with this patch not why they are putting out so early! Also > when they were told about this vulnerability they should of fixed it > right away as we have seen with the OpenBSD ICMP IP 6 hole! Core > security told them about it LESS THEN A WEEK LATER THERE WAS A PATCH. > > So we ask why? Why does it take so long to put out a patch? > > Due to the increased risk to customers from these latest attacks, we > were able to expedite our testing to ensure an update is ready for broad > distribution sooner than April 10. > > Really? Then Please explain this paragraph > > *Disclaimer: * > > The information provided in this advisory is provided "as is" without > warranty of any kind. Microsoft disclaims all warranties, either express > or implied, including the warranties of merchantability and fitness for > a particular purpose. In no event shall Microsoft Corporation or its > suppliers be liable for any damages whatsoever including direct, > indirect, incidental, consequential, loss of business profits or special > damages, even if Microsoft Corporation or its suppliers have been > advised of the possibility of such damages. Some states do not allow the > exclusion or limitation of liability for consequential or incidental > damages so the foregoing limitation may not apply. > > > Links: > http://blogs.technet.com/msrc/archive/2007/04/01/latest-on-security-update-for-microsoft-security-advisory-935423.aspx > <http://blogs.technet.com/msrc/archive/2007/04/01/latest-on-security-update-for-microsoft-security-advisory-935423.aspx> > http://www.microsoft.com/technet/security/advisory/935423.mspx > > > I can go on and on but you all get the point! > > James > > > > > > > > > > > -- > http://www.goldwatches.com/watches.asp?Brand=39 > http://www.wazoozle.com > > > ------------------------------------------------------------------------ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGE8LvnBEWLrrYRl8RArXpAJ4+jj+m+iIAXuYw7JOyjrWxS5NmhACfV5q/ ql0ShSIP8lkYpFswZwOOb0k= =Dsmb -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
