Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: HggdH (hggdh_at_attbi.com)
Date: Fri Nov 22 2002 - 13:24:50 CST
. From: "Paul Szabo" <pszmaths.usyd.edu.au>
. To: <bugtraqsecurityfocus.com>; <full-disclosurelists.netsys.com>
. Sent: Friday, November 22, 2002 04:36
. Subject: [Full-Disclosure] MS02-065 vulnerability
. Is this what Microsoft calls "responsible disclosure"?
Please note they do recognise it, and also state that one should trust
*noone*, including Microsoft.
Quoting: "What steps could I follow to prevent the control from being
silently re-introduced onto my system? The simplest way is to make sure you
have no trusted publishers, including Microsoft."
I do think this is "responsible disclosure". Even more: I think they did the
right thing, when stated it. Would you rather have Microsoft *not* stating
The only point I think should be made here is that Microsoft should have
stated it clear and loud -- perhaps on it's own Security Bulletin. How many
people really go and read it? After all, Microsoft is actually saying "do
not trust me".
The real interesting part, for me, is that the trust on the trusting
mechanism has been shattered. Finally.
Full-Disclosure - We believe in it.