Subject: Re: FW: RFP2K03: Contemplations on dvwssr.dll and how it affects
From: Steve (steve SECURESOLUTIONS.ORG)
Date: Fri Apr 21 2000 - 12:17:28 CDT
> Obviously, this statement acknowledges "facts" which don't exist.
> There never was a "backdoor password" in dvwssr.dll. Were I in
> Russ Cooper's shoes, and Birdis called me to comment on a story
> that was "confirmed" by Lipner, I would naturally assume it must
> be true since an official MS spokesman had confirmed it to the
> press. If it were not true, why on earth would Microsoft admit to
> the charge?
But why would you say such a thing without knowing for sure? If the
media asked you about it, and you didn't have first hand knowledge of
the validity of the remarks, why would you put your neck on the line
and comment about it?
>
> At that point, all Russ is doing is providing expert opinion
> regarding the risks associated with an already confirmed
> vulnerability. Russ could perhaps be chastised for not confirming
> the story with Lipner himself, but had he contacted Lipner for
> verification, why would Lipner have told him anything different?
> He obviously had enough confidence in his "facts" to release them
> to the press.
>
In my opinion, an expert opinion is an opinion based on first hand
knowledge and research. Simply spouting out something based on what
you have heard is not expert opinion, it is plain irresponsible and
stupid. Do we even know if Russ had the facts when he commented to
the media? Or did he just simply know what Lipner has said to the
media? This we will probably never know for sure. But, I would
think that if Russ had the facts, he would have done his own
research.
>
> Microsoft completely blew this one, and in the process, contributed
> to the increased misunderstanding of the general public regarding
> the true risks of poor software engineering and closed source
> code.
>
You are correct in this statement. Lipner should have simply given
the press the "No comment" until he and the rest of MS had an
opportunity to research the actual problem.
- -Steve