Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: Trustworthy Computing

__/ [Jim Richardson] on Monday 02 January 2006 01:35 \__

> On Mon, 02 Jan 2006 00:18:42 +0000,
>  B Gruff <bbgruff@xxxxxxxxxxx> wrote:
>> Looks pretty bleak to me...... is this latest one really really bad then?
>> http://isc.sans.org/diary.php?rss&storyid=996


  I've written more than a few diaries, and I've often been silly or said
  funny things, but now, I'm being as straightforward and honest as I can
  possibly be: the Microsoft WMF vulnerability is bad.  It is very, very bad.


> <quote>
> The word from Redmond isn't encouraging.  We've heard nothing to
> indicate that we're going to see anything from Microsoft before January
> 9th.
> The upshot is this: You cannot wait for the official MS patch, you
> cannot block this one at the border, and you cannot leave your systems
> unprotected.
> </quote>

I imagine that vendor liability does not fall under the EULA. I have seen
hosts staying up all night, heroically fighting a downtime in attempt to
satisfy the customer.

I suppose that in Redmond, pulling some employees back from a ski trip in
Aspen isn't worth it. What have they got to lose? Customers? "Where can the
customers go", they would say. When flaws are taken for granted, a monopoly
will be broken. If third-parties can patch this and even test the DLL, so
could the giant. In fact, there are many more necessary patches that are
either snubbed or procrastinated.


  "Almost 4 years after the launch of Trustworthy Computing, I found myself
  wondering why am I staying up till 4:00 AM to deliver an emergency set of
  instructions (Home and Enterprise) to my readers because Microsoft felt it
  unnecessary to patch a flaw six months ago that was originally low risk but
  mutated in to something extremely dangerous."

Do they need more manpower? Higher budget? What is it then...?


[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index