<posted & mailed>
____/ Jerry McBride on Tuesday 18 December 2007 23:16 : \____
> Roy Schestowitz wrote:
>
>> ____/ Linonut on Tuesday 18 December 2007 17:06 : \____
>>
>>> * Peter Köhlmann fired off this tart reply:
>>>
>>>> http://www.heise-security.co.uk/news/100789
>>>>
>>>> DFS will tag this a "feature"
>>>
>>> It is. It encourages alternative browsers:
>>>
>>> Users should view pages that cause IE to crash using an alternative
>>> browser such as Firefox, Opera or Safari until Microsoft provides an
>>> official solution to the problem.
>>>
>>> *LMAO*
>>>
>>> The same recommendation could be made about operating systems, by the
>>> way.
>>
>> I don't know if you remember this, but about, umm... 10 months ago
>> Microsoft described Office 2007 crashes as a feature. I kid you not and I
>> can find a reference. Actually, let me try now...
>>
>> Oh, got it in just 5 seconds!
>>
>> Microsoft: Word 2007 crashes are a feature, not bug
>>
>> ,----[ Quote ]
>> | Crashes in Microsoft Word 2007 are designed to improve security,
>> | says Microsoft
>> `----
>>
>> http://www.computerworld.com.au/index.php/id;377659799
>>
>>
>> Also see:
>>
>> Working around IE7s prompt bug, er feature
>>
>> ,----[ Quote ]
>> | So while every other browser on the planet can handle javascript
>> | prompts -- and have done so, pretty much since javascript was
>> | first stuffed inside the browser -- Microsoft didn't have the
>> | resources to deal with it and so, effectively, disabled it.
>> |
>> | [...]
>> |
>> | This stops javascript from continuing until the prompt box is
>> | addressed, then and only then will the alert box appear. The
>> | modality of the prompt box prevents javascript from moving on
>> | until the user has performed some action on the box.
>> `----
>>
>> http://www.hunlock.com/blogs/Working_around_IE7s_prompt_bug,_er_feature
>>
>>
>> The Contradictory State of OOXML
>>
>> ,----[ Quote ]
>> | Other contradictions would seem to be impossible to resolve given the
>> | nature of OOXML itself, the stated purpose of which is to describe a
>> | single vendor's product -- bugs and all.
>> `----
>>
>> http://www.consortiuminfo.org/standardsblog/article.php?story=20070117145745854
>>
>>
>> A most ingenious paradox: make 1900 a leap year?
>>
>> ,----[ Quote ]
>> | I don't believe there's been enough discussion of the weaknesses
>> | gradually being uncovered in Microsoft's 6,000-page dump of Office
>> | behavior, which they are trying to call a standard.
>> |
>> | [...]
>> |
>> | To help Office to become a standard, one adaptation governments
>> | could make would be to retroactively declare 1900 a leap year.
>> | This would require updates to history books and other documents
>> | (for instance, V-E day would change to May 7, and the World
>> | Trade Center attacks would have taken place on September 10)
>> | but I'd like to see a cost comparison with the alternative that
>> | businesses dread: migrating to open document formats.
>> `----
>>
>> http://www.oreillynet.com/onlamp/blog/2007/01/a_most_ingenious_paradox_make.html
>>
>
>
> I remember that "bug is a feature" crap very well. It's the most blatant
> example of whitewash that has ever been attempted by them...
>
> Thanks for the URLs... I'll run them off the laser printer at work, before
> the links mysteriously disappear into vapors...

Scott M. Fulton, III in a letter to the US DoJ:
"When faced with a situation where the only rational option is for
Microsoft to solve its own problems, Microsoft chooses instead to go
on the attack against some outside enemy that could potentially expose
or spotlight those problems. As a result, those problems may never be
solved, but the enemy du jour becomes so damaged that the continued
existence of those problems in the context of the industry as a whole,
becomes inconsequential. To this day, serious bugs and deficiencies in
Microsoft's operating systems and applications, discovered by myself
and others and duly reported to Microsoft, remain uncorrected, quite
possibly for fear of the political cost of exposing the problem by
making the world aware of its solution."
Also see:
Critical Vulnerability in Microsoft Metrics
,----[ Quote ]
| This is a small subset of all the vulnerabilities, because the
| vulnerabilities that are found through the QA process and the vulnerabilities
| that are found by the security folks they engage as contractors to perform
| penetration testing are fixed in service packs and major updates. For
| Microsoft this makes sense because these fixes get the benefit of a full test
| pass which is much more robust for a service pack or major release than it is
| for a security update.
`----
http://blog.mozilla.com/security/2007/11/30/critical-vulnerability-in-microsoft-metrics/
Skeletons in Microsoft’s Patch Day closet
,----[ Quote ]
| This is the first time I’ve seen Microsoft prominently admit to silently
| fixing vulnerabilities in its bulletins — a controversial practice that
| effectively reduces the number of publicly documented bug fixes (for those
| keeping count) and affects patch management/deployment decisions.
`----
http://blogs.zdnet.com/security/?p=316
Beware of undisclosed Microsoft patches
,----[ Quote ]
| Forget for a moment whether Microsoft is throwing off patch counts
| that Microsoft brass use to compare its security record with those
| of its competitors. What do you think of Redmond’s silent patching
| practice?
`----
http://blogs.zdnet.com/microsoft/?p=527
Microsoft is Counting Bugs Again
,----[ Quote ]
| Sorry, but Microsoft's self-evaluating security counting isn't really a
| good accounting.
|
| [...]
|
| The point: Don't count on security flaw counting. The real flaw is
| the counting.
`----
http://www.microsoft-watch.com/content/security/microsoft_is_counting_bugs_again.html?kc=MWRSS02129TX1K0000535
--
~~ Best of wishes
Roy S. Schestowitz | "The speed of time is one second per second"
http://Schestowitz.com | GNU is Not UNIX | PGP-Key: 0x74572E8E
http://iuron.com - proposing a non-profit search engine