[ale] AT&T Broadband blocking inbound http?
- From: transam at cavu.com
- Date: Mon, 13 Aug 2001 00:39:58 -0400
> God help me!!! I'm about to defend Microsoft on a Linux mailing list!!!
> Actually, while Microsoft's reputation for "out of the box" security
> is absolutely horrible, their cooperation with the Security Community
> "after the fact" is quite good. They DO release patches within a reasonable
> time frame. They DO admit their screw-ups (all too often). And they
> DO cooperate with others when developing bug fixes. Scott Culp has
> put an awful lot of work into improving the MS reputation within the
> Security Community. His efforts are paying dividends. The patch for this
> particular bug was released fairly soon after it was discovered. It's
> not their fault that everyone ignored the warnings. But...and this is
> a big-ass but...they did fail to patch half the servers on the Hotmail
> development network and they have scanned me repeatedly costing me
> </tongue in cheek>
Don't congratulate them too much on their cooperation.
The ONLY reason why they cooperate is because when they didn't, they suffered
the consequences. Back then, "white hats" followed standard protocol: they
warned the vendor of security holes and told them that they'd better get
off their BLEEP and provide patches in X days. After X days the holes would
be revealed to all on popular security lists (also read by crackers).
After lots of embarrassment and ignored threats from M$ lawyers, M$ realized
that they had no alternative and started issuing patches quickly, before X
days passed (X typically being 5-30).
> Jonathan Rickman
> X Corps Security
transam at cavu.com [Bob's ALE Bulk email]
bob at cavu.com [Please use for email to me]