-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 2 Oct 2003 15:47:26 -0400 "Richard M. Smith" <[EMAIL PROTECTED]> wrote: > Class-action suit points to Microsoft security flaws > http://news.com.com/2100-1009-5085730.html > The lawsuit, filed Tuesday in Los Angeles Superior Court, > also claims that Microsoft's security warnings are too complex to be > understood by the general public and serve instead to > tip off "fast-moving" hackers on how to exploit flaws in its operating > system. Rather disturbing. Much as I approve of the rest of the complaint, it sounds like amicus curiae briefs from the security community are needed in support of Microsoft on this particular issue. I find Microsoft security warnings to usually be not detailed enough and generaly rely on the rest of the security community for workarounds and information and tools to verify whether Microsoft's patches have actually resolved a problem. This list is indeed based on the principle that full disclosure of the details of vulnerabilities is fundamental to maintaining secure systems. - -Paul - ------------- Paul J. Morris [EMAIL PROTECTED] Biodiversity Information Manager, The Academy of Natural Sciences 1900 Ben Franklin Parkway, Philadelphia PA, 19103, USA -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE/fab+eqkk3tLUswERAqOpAJ0fl41FF2/M36+jXx6Q4kT1w67YMQCghhGC pV4NIfpuETQ8JfLAq0ipKBo= =PsWF -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
