Re: A view askew?

[Gadi Evron <ge () linuxbox org>]

Dave Aitel wrote:
> I have to say, it's certainly odd that Microsoft was able to convince 
> US-CERT, SANS, most of the major IDS vendors, and a few other people to 
> not release alerts on the WINS bug, which came out last Thursday, until 
> tommarow morning. It's not Thanksgiving anywhere but here, but all your 
> security efforts were hamstrung by Microsoft to fit a US audience.

I just discussed this with a friend, and we both agreed this is not evil 
or lame, it is just that they are plain and simple winnies. :P

Seriously though.. as my friend said, they are treating security as a PR 
issue rather than anything else. And this is how you deal with PR problems.
If anything, they are heading backwards in regards to security.

One interesting note is that bugtraq did let it through moderation.. 
what does that say about SYMC and MS relations?

We have all seen cases in the past where security information did not go 
through this or that security mailing list because it was not beneficial 
to this or that owner.

Now it seems like the time has come where security knowledge can be held 
back almost completely for commercial reasons AFTER it has been 
released.. this is not right and I am not sure if I have any solution at 
hand that I can think of.

Perhaps a list of sites that did publish it needs to be made? SecuriTeam 
is usually straight with these things - www.securiteam.org.

        Gadi.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave