1996-01-12 - Re: [NOISE] Microsoft continues to mislead public about Windows security

Header Data

From: daw@quito.CS.Berkeley.EDU (David A Wagner)
To: cypherpunks@toad.com
Message Hash: a5218336fd9b994e17805b03d445e64580d45e3d3de3ac5d0b6f3416e8d8f299
Message ID: <199601120042.TAA18188@bb.hks.net>
Reply To: N/A
UTC Datetime: 1996-01-12 09:09:25 UTC
Raw Date: Fri, 12 Jan 1996 17:09:25 +0800

Raw message

From: daw@quito.CS.Berkeley.EDU (David A Wagner)
Date: Fri, 12 Jan 1996 17:09:25 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Microsoft continues to mislead public about Windows security
Message-ID: <199601120042.TAA18188@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199601100451.UAA13211@infinity.c2.org>,
 <kolivet@alpha.c2.org> wrote:
> On Tue, 9 Jan 1996, Frank Willoughby wrote:
> > When a system is breached or a CERT Advisory is issued, this is a major
> > embarrassment for the company.
> 
> What are CERT's criteria for a bulletin to be issued?  Would the previously
> mentioned Windows NT and Windows 95 security bugs qualify?

CERT normally won't publish a security warning until the manufacturers
have fixed the bug & offered a patch.  So I doubt the Win95/NT bugs will
be announced by CERT tomorrow.

If you want to publish a bug, CERT is probably not the best place to go.
CERT often ends up sitting on bugs for ages, because nobody knows about
the hole, so nobody can pressure the vendors to fix 'em, so CERT refuses
to release a bulletin-- a vicious cycle.

IMHO, embarrassing public pressure often seems to be the quickest way to
get attention & fixes from uncooperative vendors...  But then again, that's
the old "full disclosure" (and "security through obscurity") debate(s).

- -- Dave "a believer in security through caffeine" Wagner
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMPWugyoZzwIn1bdtAQFYrgGAyQhuXiFCK36qFdJzEw4PSp2f/oIvpoi+
8peJmKjle86aBlY20SGYQBQoactyKcza
=3NOo
-----END PGP SIGNATURE-----




