Re: [Full-Disclosure] Microsoft Cries Wolf ( again )
From: ATD (simon snosoft.com)
Date: Tue Jul 01 2003 - 11:10:54 CDT
Amen
On Tue, 2003-07-01 at 07:37, KF wrote:
> >
> >
> >The solution to this problem lies in the hands of the vendors, *not* in the hands of the researchers.
> >
> *This is no lie... after a while one (researchers) simply gets tired of bending over backwards
> to get the vendor to listen. You get to a point where you simply don't care sometimes...*
> vendors are frustrating... they first act like they can't talk to you unless you are
> paying for support... then they don't understand what it is you are trying to say...
> then they claim that oh that's not a business critical issue we are gonna sit on our
> rump for 6 months and then maybe we will fix it.... IF you even make it to that
> point...
>
> For example I am waiting on a certain 3 letter company to get back to me on a local root
> exploit... I used their web based email form which claims a 24 hour response time... it's
> now 5 days later and no response... that failed so I start the usual blind emails to security
> support somebodyfirggenhelpme and no one responds... so then I call their phone and
> go through every friggin option in their PBX system.. still can't find someone to help out...
>
> "... security staff... what do you mean... I have never had someone ask something like that"
> me: you know... like I have a security issue with your product... you need to fix it...
> "that's interesting... I'll have to see what I can find... we never get calls like this"
> me: *sigh*
>
> I have done my due diligence... here in about 1 day the problem is 100% theirs... I will give
> the public the old chmod -s recommendation and be done with it...
>
> Someone in the .gov get us a vendor responsibility bill or something...
> -KF
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html