volunteer as an expert witness when the negligence lawsuits finally arise :)
and you? "Burnes, James" <[EMAIL PROTECTED]> said: > One word, > > m-o-n-o-p-o-l-y > > And what are you going to do about it, punk? > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:full- disclosure- > > [EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] > > Sent: Friday, June 25, 2004 10:02 AM > > To: [EMAIL PROTECTED] > > Cc: [EMAIL PROTECTED]; full- [EMAIL PROTECTED] > > Subject: [Full-Disclosure] Microsoft and Security > > > > > > > > Where is Microsoft now "protecting their customers" as they love > > to bray? Should not someone in authority of this public company > > step forward and explain themselves at this time? > > > > All of sudden panic is being created across the WWW with "IIS > > Exploit Infecting Web Site Visitors With Malware", "Mysterious > > Attack Hits Web Servers", "Researchers warn of infectious Web > > sites" all stemming from all news accounts from an > > unpatched "problem" with Internet Explorer now two weeks old and > > counting, which in fact in reality stems from 10 months ago, > > that being the adodb.stream safe for scripting control with > > write capabilities. > > > > What exactly is being done about this? Nothing. What does > > multiple billions of dollars buy you today. Nothing. However for > > $20 million you can almost fly to the moon. > > > > Someone ought to step forward and explaini what exactly is > > happening at this public company. The great "protector of their > > customers". One might even suggest that their entire "security" > > mandate be re-examined. What exactly do they consider a > > vulnerability? Something that suits them or something that's > > cost effective to fix. So what, a few people lose their > > identities, have a few dollars extracted from their bank > > accounts, have their home pages reset, we'll fix it when it > > suits us as we have to be on budget this quarter. The Big Boss > > says $40 billion isn't enough this year. > > > > A vulnerability: > > > > http://www.microsoft.com/technet/archive/community/columns/securi > > ty/essays/vulnrbl.mspx > > > > "A security vulnerability is a flaw in a product that makes it > > infeasible - even when using the product properly-to prevent an > > attacker from usurping privileges on the user's system, > > regulating its operation, compromising data on it, or assuming > > ungranted trust." > > > > what this gibberish? For the past 10 months the adobd.stream > > object is capable of writing files to the "all important > > customer's" computer. It has real world consequences. It rapes > > their computer. Does it fit into the gibberish custom > > definition. Plain and simple: "A security vulnerability is a > > flaw in a product that makes it infeasible". What kind of > > language is this. Reads like the financial department conjured > > it up. > > > > Disabling scripting won't solve it. Putting sites in one of the > > myriad of "zones' won't solve it. Internet Explorer can > > trivially be fooled into operating in the less than secure so- > > called "intranet zone" and it can be guided there remotely. > > > > What's happening here. Where is the Microsoft representative > > explaining all of this to the shareholders and "customers" they > > so dearly wish to protect. This is unacceptable. Someone must > > be held accountable. > > > > > > -- > > http://www.malware.com > > > > > > > > > > > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.netsys.com/full-disclosure-charter.html > -- http://www.malware.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
