Hi Paul,
No, that's not what I meant at all. The fact is almost all software has weaknesses and flaws in it. Unless you happen to be one of those with enough time and skill to hunt down these flaws, you won't know about them until they either become public knowledge, a patch is released or you experience a compromise.
Odd. I would have thought the answer was self-evident. You take the standard precautions that every security person should know.
So just because the source code hasn't been leaked until now means people were not obliged to take these precautions? A weak point, don't you think?
In the meantime, what can you do? The same thing you always have to do. Take the appropriate security precautions. Unfortunately far too many wait until they have a problem to take those steps.
Yes, unless you are able to determine what, if any, flaws are in the software. Not many can do that.
So what you are saying here, reduced to the essence, is that the only "preparation" we can do as an answer to the leaking are the same precautions we are doing all the time anyway?!
I have to agree with the initial doubting question then that there is hardly anything we can do but sit and wait and apply standard security precautions we would have anyway. We're talking about closed source software here. Everything customers can do is to sit and wait for patches from MS if there's a problem.
Personally I don't think this leak will unavoidably lead to a serious increase of heavy and even sneakier exploits. We already have them. The last week has been evidence enough. Maybe this will even lead to more security as customers with the capacity will have the potential to identify possible threats themselves and point them out to MS ;-)
I suspect that flaws will probably be found. After all, they already have been found without the source. It's only logical that with the source in hand more flaws will be found.
Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
