__/ [ Doug Mentohl ] on Monday 02 April 2007 13:52 \__
> BearItAll wrote:
>
>> many a software security vendor wanting a bit of a free
>> advert.. And poor old MS are expected to run breathless
>> from one security vulnerability to the next.
>
> Well no, MS had a full four months to catch its breath and they did
> claim that Vista was way harder to exploit.
>
> 'We made it way harder for guys to do exploits. The number [of
> violations] will be way less because we've done some dramatic things [to
> improve security] in the code base. Apple hasn't done any of those things'
>
> http://www.msnbc.msn.com/id/16934083/site/newsweek/
>
>> But half the time it's nutters or companies after a bit of free
>> advertising.
>
> No, it's the nutters producing the defective hardware/software.
>
>> So already the bloke who is responsible for finding true and genuine
>> flaws,
>
> If remote execution of arbitrary code isn't a genuine flaw then what is?
It is worth mentioning that, while Microsoft said it would patch it by the
9th, it ended up releasing an immediate patch, _within a few days_. Why oh
why could Microsoft not take care of this severe flaw (also affecting Vista,
which was pre-released at the time of the find) until it was already doing
damage? It is exploited and spread primarily through a bunch of Chinese
sites. Does Microsoft hope that its vulns count will remain low if they
patch nothing unless it's exploited, even if it's _known about_?
--
~~ Best wishes
Roy S. Schestowitz | GPL'd 3-D Reversi: http://othellomaster.com
http://Schestowitz.com | Open Prospects ¦ PGP-Key: 0x74572E8E
Tasks: 127 total, 2 running, 122 sleeping, 0 stopped, 3 zombie
http://iuron.com - knowledge engine, not a search engine