Re: How to Report a Security VulnerabilitytoMicrosoft

[mcbain () aol com]

I dont believe even with a staff of 100k people that one could come up with a conceivable testing environment for every 
possible network setup in this world, could you?
 
And yes making the disclosure private does earn Billgates more money.  But thats not WHY they want it private and 
honestly , putting your billg flaming aside (lol) , you know thats the truth.  0day and worms which is the alternative, 
terrorist activity is not what they want.
 
Mike
www.michaelevanchik.com
 
 
 
-----Original Message-----
From: Georgi Guninski <guninski () guninski com>
To: mcbain () aol com
Cc: full-disclosure () lists grok org uk
Sent: Wed, 13 Apr 2005 00:14:17 +0300
Subject: Re: [Full-disclosure] How to Report a Security VulnerabilitytoMicrosoft


On Tue, Apr 12, 2005 at 05:00:46PM -0400, mcbain () aol com wrote:
>  
> The reason for this (from redmond) is they cannot break computers that are out 
there. There tolerance has to be even below one percent ,and even that is too 
much and finally conceded with them on their points.  Also, they do not "patch" 
they find the root of the problem which adds more time.  So you should be seeing 
less workarounds of microsoft patches. 
>

they are breaking computers out there all the time.

so they know their code is a mess, but want the 0day to be private to them
for 5 months so they can profit more. a nice plan.

i thought bill's trusthy computing intiative cured the "root of the
problem" or not? the m$ whores patching holes for several billions worth and
*more* exploits left?

-- 
where do you want bill gates to go today?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/