From: shamrock@netcom.com (Lucky Green)
Date: Tue, 9 Jan 1996 16:48:37 +0800
To: Rich Graves <cypherpunks@toad.com
Subject: Re: Microsoft continues to mislead public about Windows	  security bugs (a bitlong, with references)
Message-ID: <v02120d2dad17d87fa2cc@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:01 1/8/96, James A. Donald wrote:
>At 07:15 PM 1/8/96 -0800, Rich Graves wrote:
>>As Microsoft well knows, this is completely untrue. [...]
>>
>> [...]
>>
>>Microsoft has not even admitted that this bug in both Windows 95 and
>>Windows for Workgroups affects Windows for Workgroups, apparently because
>>they have decided not to fix it.
>>
>> [...]
>>
>> We believe that it would be highly irresponsible to release the full
>> version of this hack, but we will soon release a crippled
>> demonstration-only version
>>
>> Is anybody listening?
>
>They will listen if you start to release full uncrippled exploits, after
>a reasonable delay.

Very true. But why does it always seem to take an exploitable crack before
companies pay attention to security flaws? Is it because they are unable to
admit that they have made a mistake? Everybody makes mistakes. What's the
big deal? I really don't understand it. Any psychologists on this list?


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.