[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] AT&T Broadband blocking inbound http?



> God help me!!! I'm about to defend Microsoft on a Linux mailing list!!!

> Actually, while Microsoft's reputation for "out of the box" security
> is absolutely horrible, their cooperation with the Security Community
> "after the fact" is quite good. They DO release patches within reasonable
> time frame. They DO admit their screw-ups (all too often). And they
> DO cooperate with others when developing bug fixes. Scott Culp has
> put an awful lot of work into improving the MS reputation within the
> Security Community. His efforts are paying dividends.  The patch for this
> particular bug was released fairly soon after it was discovered. It's
> not their fault that everyone ignored the warnings. But...and this is
> a big-ass but...they did fail to patch half the servers on the Hotmail
> development network and they have scanned me repeatedly costing me
> Trillions!!!!
> </tongue in cheek>

Don't congratulate them too much on their cooperation.

The ONLY reason why they cooperate is because when they didn't, they suffered
the consequences.  Back then, "white hats" followed standard protocol: they
warned the vendor of security holes and told them that they'd better get
off their BLEEP and provide patches in X days.  After X days the holes would
be revealed to all on popular security lists (also read by crackers).

After lots of embarrassment and ignored threats from M$ lawyers, M$ realized
that they had no alternative and started issuing patches quickly, before X
days passed (X typically being 5-30).
> -- 
> Jonathan Rickman
> X Corps Security
> http://www.xcorps.net

Bob
transam at cavu.com                       [Bob's ALE Bulk email]
bob at cavu.com                           [Please use for email to me]
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.