Microsoft: Critical patch goes missing
,----[ Quote ]
| Busy day for IT departments but key fix goes AWOL
`----
http://www.computerworlduk.com/technology/operating-systems/windows/news/index.cfm?newsid=7467
Microsoft dishes out six critical updates
,----[ Quote ]
| They all focus on flaws in the programs that could allow remote code
| execution. Affected systems are those running Windows XP, Windows Vista and
| Windows Server 2003
`----
http://www.theregister.co.uk/2008/02/13/patch_tuesday_february/
All the decent engineers have left (links below). They don't know what the heck
they're doing.
Days ago:
Microsoft fixes 17 flaws in 11 patches; 6 are 'critical'
,----[ Quote ]
| Microsoft on Tuesday released its February 2008 security bulletin, which
| includes 11 bulletins, six of which are deemed "critical" by Microsoft, while
| five are deemed "important." One bulletin, suggested in the advance notice
| posted Thursday, failed to be released Tuesday.
`----
http://www.news.com/8301-10789_3-9870399-57.html?part=rss&subj=news&tag=2547-1_3-0-20
Related:
A test for Microsoft's managerial meddling
,----[ Quote ]
| Will interference by the Redmond empire drive its hottest acquired talent to
| jump ship?
`----
http://www.marketwatch.com/news/story/interference-microsoft-drive-away-its/story.aspx?guid=%7B7E0A2E41%2DD7E5%2D4BED%2D959C%2D2C0818CEEFDC%7D&siteid=yhoof
Commentary: Redmond bosses again show they can't handle creative types
http://www.marketwatch.com/news/story/microsoft-bosses-again-show-they/story.aspx?guid=%7B861065D6%2D3BAE%2D4F5C%2DBF1C%2DC4B7BDE76899%7D&siteid=yhoof
http://tinyurl.com/3ajxhg
MS Insider: The Office Crew Isn't Smart Enough to Supplant Real Windows
Developers
,----[ Quote ]
| "With Alchin retiring, MarkL and MarkZ, two of the most talented
| architects in MS already having left, the picture gets really
| ugly for the Windows division," my friend claimed, and the BV's
| core team members, Ian McDonald, Jack Mayo, Todd Wanke, Clyde
| Rodriguez and others are starting to connect the dots.
|
| [...]
|
| He concluded ominously. "A trainwreck of biblical proportions looms.
| Pick a good seat on the sidelines, trainwrecks this large take
| awhile to complete. Vista may be the last MS OS for some time to
| come, especially if Cutler decides to play hardball."
`----
http://www.emailbattles.com/2006/09/11/ms-insider-the-office-crew-isnt-smart-enough-to-supplant-real-windows-developers/
http://tinyurl.com/35eqrt
Microsoft's Revolving Internet Door: The Talent Brain Drain Continues
,----[ Quote ]
| Robert Scoble, a very high profile blogger for Microsoft who left the
| firm a few months ago, reports that Microsoft's talent drain is
| continuing.
`----
http://biz.yahoo.com/seekingalpha/070430/33939_id.html?.v=1
Former Project Manager of Excel:
,----[ Quote ]
| The only way Microsoft has managed to hire so many people
| has been by lowering their hiring standards significantly...
`----
http://www.joelonsoftware.com/items/2006/11/24.html
Microsoft quietly tackles known Wi-Fi flaw
,----[ Quote ]
| Microsoft has quietly posted an update found here. The update
| prevents a Windows wireless client on a laptop from advertising
| its preferred wireless network list to the world at large.
|
| But the update appears to leave open the larger problem, which
| is having your laptop connect to a criminal rogue access point
| with the same default name as one of your preferred home networks.
`----
http://news.com.com/2061-10789_3-6143573.html?part=rss&tag=2547-1_3-0-20&subj=news
Vista SP1 will contain undocumented fixes
,----[ Quote ]
| Interesting email in today mailbag: “Will SP1 contain undisclosed or
| undocumented security fixes?”
|
| For some people, counting the number of security flaws that one OS has
| compared to another is important because it offers a metric upon which to
| determine which OS is the most secure (personally, I feel that it’s a bogus
| metric, but I’ll let it slide for now). However, many claim that Microsoft
| stacks the deck in its favor by not disclosing a full list of vulnerabilities
| that have been patched by omitting to include those discovered and patched
| in-house.
`----
http://blogs.zdnet.com/hardware/?p=1225
Critical Vulnerability in Microsoft Metrics
,----[ Quote ]
| This is a small subset of all the vulnerabilities, because the
| vulnerabilities that are found through the QA process and the vulnerabilities
| that are found by the security folks they engage as contractors to perform
| penetration testing are fixed in service packs and major updates. For
| Microsoft this makes sense because these fixes get the benefit of a full test
| pass which is much more robust for a service pack or major release than it is
| for a security update.
`----
http://blog.mozilla.com/security/2007/11/30/critical-vulnerability-in-microsoft-metrics/
http://antitrust.slated.org/www.iowaconsumercase.org/011607/3000/PX03096.pdf
Skeletons in Microsoft’s Patch Day closet
,----[ Quote ]
| This is the first time I’ve seen Microsoft prominently admit to silently
| fixing vulnerabilities in its bulletins — a controversial practice that
| effectively reduces the number of publicly documented bug fixes (for those
| keeping count) and affects patch management/deployment decisions.
`----
http://blogs.zdnet.com/security/?p=316
Beware of undisclosed Microsoft patches
,----[ Quote ]
| Forget for a moment whether Microsoft is throwing off patch counts
| that Microsoft brass use to compare its security record with those
| of its competitors. What do you think of Redmond’s silent patching
| practice?
`----
http://blogs.zdnet.com/microsoft/?p=527
Microsoft is Counting Bugs Again
,----[ Quote ]
| Sorry, but Microsoft's self-evaluating security counting isn't really a
| good accounting.
|
| [...]
|
| The point: Don't count on security flaw counting. The real flaw is
| the counting.
`----
http://www.microsoft-watch.com/content/security/microsoft_is_counting_bugs_again.html?kc=MWRSS02129TX1K0000535
|
|
