Re: How to Report a Security VulnerabilitytoMicrosoft

[mcbain () aol com]

 well said, and not because i know you paul, or because i was also there this week/weekend.  Your exactly right. 
 
   They do want you to communicate with them (or vendors) in a more responsible manner but at the same time totally 
admit to their "PR issue" and how they have handled bug finders in the past and internal security in the past and are 
changing.  There email in this thread is exactly the truth as it was written.
 
I also did enjoy unloading 1500$ worth of paint all over them
=)
 
Mike
www.michaelevanchik.com 
 
-----Original Message-----
From: tuytumadre () att net
To: Jason Coombs <jasonc () science org>
Cc: Full-Disclosure <full-disclosure () lists grok org uk>
Sent: Mon, 11 Apr 2005 08:25:04 +0000
Subject: Re: [Full-disclosure] How to Report a Security VulnerabilitytoMicrosoft


Jason Coombs's comments and my replies:

> Wow, Paul. You sell your soul for a couple of mouthfuls of food? 

I personally find this offensive. There was no "soul-selling" during my visit. 
My comment was made to show that the guys (at least those that I met at MS) were 
not brainwashed drones working for big brother as well as to prove the fact that 
I don't work for Microsoft. 

> No way is Microsoft to be trusted just because there are a bunch of 
> potentially-good people doing technical work in the trenches. They are called 
> 'pawns' and the abuse and exploitation of those people is legendary. 

I also met a very important person who is in charge of Internet Explorer. He is 
not out to get anyone with his world domination schemes as you like to imply. 
You are right, however, when you say that they are not to be trusted "just 
because there are a bunch of potentially-good people doing technical work in the 
trenches." They are to be trusted because they are looking out for us and our 
right to information privacy/safety.

> I say 'potentially' good because any one of them could, at any moment, quit 
> Microsoft and by so doing prove themselves dedicated to creating a better 
future 
> for everyone, even when it means a little personal hardship to do so. 

I must ask how this would prove oneself dedicated to creating a better future. 
Wouldn't that worsen the future? I meen look at how many people use Microsoft 
products. If everyone quits Microsoft, there would be no more Internet Explorer, 
Windows, Office, etc. I don't know about you, but I am certainly not about to 
commit to teaching my grandmother the intricate workings of a linux workstation, 
especially for the reason that about all she can do is turn on her computer and 
check her email.

You say a little personal hardship as if quiting one's job is a minor thing. 
What if I told you that I didn't like your company and that you should quit your 
job because it will be of little personal hardship to you, your spouse, or your 
children (if any). In America, with the economy as it is, if you quit your job 
because you want to "stick it to the man," and then you expect to find another 
job right away, I have this to say to you: "good luck."
 
> You may have temporarily forgotten that the executives at Microsoft have done 
> terrible things that have harmed every person on Earth. Fortunately, the rest 
of 
> us haven't. 

Huh? If by terrible things you meen revolutionize the way we communicate and 
interact with each other and the world around us, then you are right on the 
money.
 
> Microsoft must know how to pick a nice bottle of wine. 
I actually don't drink alchohol.

Sincerely,
Paul
Greyhats Security Group
http://greyhatsecurity.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/