
Welcome to IWETHEY!

New Can I have a Security forum again? Please?
Pretty please with sugar on top?

First item follows:
That's her, officer! That's the woman that programmed me for evil!
New "Cost and effect" is usually a strength of MS..why not here?
The responsibility for Microsoft's products rests with Microsoft alone, and we take that responsibility very seriously. However, there has traditionally been an unwritten rule among security professionals that the discoverer of a security vulnerability has an obligation to give the vendor an opportunity to correct the vulnerability before publicly disclosing it. This serves everyone's best interests, by ensuring that customers receive comprehensive, high-quality patches for security vulnerabilities but are not exposed to malicious users while the patch is being developed. Once customers are protected, public discussion of the vulnerability is entirely in order, and helps the industry at large improve its products.

Many security professionals follow these practices, and Microsoft wants to single them out for special thanks. The acknowledgment section of our security bulletins is intended to do this. When you see a security professional acknowledged in a Microsoft Security Bulletin, it means that they reported the vulnerability to us confidentially, worked with us to develop the patch, and helped us disseminate information about it once the threat was eliminated. They minimized the threat to customers everywhere by ensuring that Microsoft could fix the problem before malicious users even knew it existed.


If MS had any brains, they would pay some piddling sum to people who find security holes and report them first to Microsoft. If anyone is in a position to profit from this, it's MS--they're already seen as a monolith, so getting a "thank you" becomes rapidly less meaningful. And it wouldn't cost them any more than they're paying their security department now anyway...

$50 each?
That's her, officer! That's the woman that programmed me for evil!
New Hmmmm.
$50 for each security hole reported? Umm, wouldn't that tend to depress their stock prices as the money rapidly drains out of their stockpile into the hole finders' hands? Sheesh, they would end up in the red in no time.

:)
For every human problem, there is a neat, simple solution;
and it is always wrong
H. L. Mencken, Mencken's Metalaw
New Please...
... don't follow this up here...
Regards,

-scott anderson
New Can't be *that* many holes
um, surely there can't be

Right?

Who knows how empty the sky is
In the place of a fallen tower.
Who knows how quiet it is in the home
Where a son has not returned.

-- Anna Akhmatova (1889-1966)
New Like this example, which someone else reminded me of:
http://cr.yp.to/qmail/guarantee.html

That's her, officer! That's the woman that programmed me for evil!
New Well...
Ad Min paused for a moment's reflection.
"Tricky," he said finally.
"But can you do it?"
Again, a significant pause.
"Yes," said Ad Min, "I can do it."
"There is an answer?" said Brewer with breathless excitement.
"A simple answer?" added Lunkwill.
"Yes," said Ad Min. "Life, the Universe, and a Security Forum. There is an answer. But," he added, "I'll have to think about it."

(seven and a half million years later)

The problem is that 1) we don't have a means of providing for forum headers yet and 2) I'm too busy today, and I'm leaving for a computer-free weekend immediately after work.

Maybe for now emulate Wade, and post the story in the Open Forum?


Regards,

-scott anderson
New I only want one, with no header.
Just a generic Security forum in Area 51. One and only one for all time.
That's her, officer! That's the woman that programmed me for evil!
New Done.
I trust you'll copy your stuff in there now?
Regards,

-scott anderson
New But of course. :)
That's her, officer! That's the woman that programmed me for evil!
     Can I have a Security forum again? Please? - (tseliot) - (9)
         "Cost and effect" is usually a strength of MS..why not here? - (tseliot) - (4)
             Hmmmm. - (Silverlock) - (2)
                 Please... - (admin)
                 Can't be *that* many holes - (wharris2)
             Like this example, which someone else reminded me of: - (tseliot)
         Well... - (admin) - (3)
             I only want one, with no header. - (tseliot) - (2)
                 Done. - (admin) - (1)
                     But of course. :) -NT - (tseliot)
