|
Full Disclosure
mailing list archives
RE: InfoSec sleuths beware ...
From: "Aditya, ALD [Aditya Lalit Deshmukh]" <aditya.deshmukh () online gateway technolabs net>
Date: Thu, 19 Feb 2004 11:34:49 +0530
-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of Nancy Kramer
Sent: Thursday, February 19, 2004 6:17 AM
To: Gregory A. Gilliss; full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] InfoSec sleuths beware ...
What Gregory says makes a lot of sense. MS is trying to use free
labor to
improve their competitive advantage. The good thing about it is that MS
software will probably be more secure as a result for the
endusers and the
net community as a whole.
maybe that would reduce the number of stupid viruses and other ma(i)lware that send out spam and pound out apache
servers with tons of useless requests and fill out inboxs with spam
as the people with real security background are working on the source code, ms should do its end users a favor and
release all the source code for public review!
guys be sure to send your bills to microsoft after your work of finding bugs bears some fruits.. security source code
review does not come cheap and let ms know that ( p'robally they already know this )
-aditya
Regards,
Nancy Kramer
Webmaster http://www.americandreamcars.com
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car on the Web
At 04:45 PM 2/18/2004, Gregory A. Gilliss wrote:
Did I miss the thread or has no one yet postulated that the Microsoft
source code subset was leaked intentionally in order to afford M$ the
free services of hundreds or thousands of security researchers auditing
their code for them?
It is a known fact that Windows 2000 and XP are soon to be depreciated
in favor of the next generation OS. W2K and WXP will be supported for
another year or so afterwards. The new component probably will contain
some of the current code set, so why not risk a couple of
serious exploits
(like M$ cares) in favor of getting your code certified by the community
for free?
G
On or about 2004.02.18 13:06:44 +0000, Blue Boar
(BlueBoar () thievco com) said:
There are clear, admitted cases of reverse engineering by vulnerabiity
researchers, which are prohibited by EULA, and which MS has so far
declined to pursue. Why should this be different? MS afraid the EULA
restrictions wouldn't hold up?
--
Gregory A. Gilliss, CISSP E-mail:
greg () gilliss com
Computer Security WWW:
http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9
B4 14 0E
8C A3
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
________________________________________________________________________
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
 By Date 
By Thread
Current thread:
- Re: InfoSec sleuths beware, Microsoft's attorneys may be knocking at your door, (continued)
|
Intro
