mailing list archives
Re: Re: MS Security Response is a bunch of half-witted morons
From: Valdis.Kletnieks () vt edu
Date: Sun, 14 Mar 2004 23:40:00 -0500
On Fri, 12 Mar 2004 16:09:21 EST, jim_walsh () goodyear com said:
seems a little childish. And if one was to argue that "Aanyone needs to
read these articles not just people that support M$ OS's", well to
that...most people that have a M$ OS as an end user have auto update
turned on and dont even think twice about it...if they update at all.
So - explain to me again why the fact that some users enable auto-update (which
actually is probably a good thing if the auto-updates don't break your system)
is justification for requiring poor security practices in order to read the
If Microsoft *REALLY* cared about security, it would be possible to do this:
% (echo "GET url.of.bulletin HTTP/0.9"; echo) | telnet www.microsoft.com 80
and it would Just Work, and the results should be at least somewhat readable.
For those who don't think this is possible, go look at http://www.cert.org/
advisories/CA-2001-04.html and look at the HTML source - no scripting, and the
body text is quite clean and readable.
Instead, we have the same sort of "glitz and function rather than security"
mindset which *caused* the whole mess in the first place.
- Re: Re: MS Security Response is a bunch of half-witted morons, (continued)