Re: [Full-disclosure] How to Report a Security VulnerabilitytoMicrosoft

[mcbain@xxxxxxx]

I dont believe even with a staff of 100k people that one could come up with a 
conceivable testing environment for every possible network setup in this world, 
could you?
 
And yes making the disclosure private does earn Billgates more money.  But 
thats not WHY they want it private and honestly , putting your billg flaming 
aside (lol) , you know thats the truth.  0day and worms which is the 
alternative, terrorist activity is not what they want.
 
Mike
www.michaelevanchik.com
 
 
 
-----Original Message-----
From: Georgi Guninski <guninski@xxxxxxxxxxxx>
To: mcbain@xxxxxxx
Cc: full-disclosure@xxxxxxxxxxxxxxxxx
Sent: Wed, 13 Apr 2005 00:14:17 +0300
Subject: Re: [Full-disclosure] How to Report a Security VulnerabilitytoMicrosoft


On Tue, Apr 12, 2005 at 05:00:46PM -0400, mcbain@xxxxxxx wrote:
>  
> The reason for this (from redmond) is they cannot break computers that are 
> out 
there. There tolerance has to be even below one percent ,and even that is too 
much and finally conceded with them on their points.  Also, they do not "patch" 
they find the root of the problem which adds more time.  So you should be 
seeing 
less workarounds of microsoft patches. 
>

they are breaking computers out there all the time.

so they know their code is a mess, but want the 0day to be private to them
for 5 months so they can profit more. a nice plan.

i thought bill's trusthy computing intiative cured the "root of the
problem" or not? the m$ whores patching holes for several billions worth and
*more* exploits left?

-- 
where do you want bill gates to go today?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/