[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] Microsoft prepares security assault on Linux
- To: <jasonc@science.org>, <support@mmicman.com>
- Subject: RE: [Full-Disclosure] Microsoft prepares security assault on Linux
- From: "Russ" <Russ.Cooper@rc.on.ca>
- Date: Thu, 13 Nov 2003 02:49:11 -0500
Jason said;
>I wrote an information security book last year under contract with
>Microsoft Press. The book was never published -- among other things it
>explains truthfully the poor security condition of Windows and offers
>detailed instructions and advice for defending against Microsoft's bad
>business practices and incorrect security decisions.
Because maybe a book isn't needed to describe what I describe in 3 pages, 10
points, keystroke by keystroke, button click by button click, documentation.
Assuming the requisite files are on hand, it takes less than an hour to
"harden" an IIS box against all of this years attacks, and the document was
written 2 years ago.
Fine, my 3 pages doesn't help "to educate developers of Web applications so
that fewer new vulnerabilities would have been created.", but at least mine got
published to our customers...;-]
>Microsoft suppresses awareness of vulnerabilities in order to profit.
Funny how they've always encouraged me with NTBugtraq, that would seem to be at
odds with your perception of their position. Funny how I once tried to convince
them to bury a vulnerability patch in a service pack rather than release a
security bulletin, and there was no way they would have it.
The old adage, "You catch more flies with honey" seems to often be the opinion
of publishers, one reason I've never written a book (no publisher wants to
publish a book written the way I write...;-]) Since they're putting the money
up, I have to assume they have good stats on the demographics of who will buy
it and what the buyer expects. Its their audience, write it for yourself,
publish it yourself (as you've done.) That they thought it wasn't going to be
profitable (from a publishing perspective) doesn't necessarily mean Microsoft
is trying to "suppress awareness of vulnerabilities", it could just mean they
didn't think it would sell.
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html