Microsoft Blames the Messengers
Roger writes: "In an essay published on microsoft.com, Scott Culp, Manager of the Microsoft Security Response Center, calls on security experts to "end information anarchy" and stop releasing sample code that exploits security holes in Windows and other operating systems. "It's high time the security community stopped providing the blueprints for building these weapons," Culp writes in the essay. "And it's high time that computer users insisted that the security community live up to its obligation to protect them." See the story on Cnet News.com."
boy, we're sure learning that lesson fast!
They're trying to say "stop finding holes faster than we can make...err...fix them". My my what a cheap political backstab.
I am !amused.
Yes, I realize that this isn't a fix, but if obscurity makes it just a little harder for people to do bad things then I don't see why it's such a bad thing. Especially in the case of Microsoft, where only they can fix the source, why should the security companies publish the source on the web instead of sending it directly to Microsoft? What gains are there to be had by having the source displayed all over the web?
Because, if the security hole didn't exist in the first place, then Microsoft wouldn't have to worry about all this bad press starting to cost them business; and more importantly mindshare.
there are no stupid questions, but there are a lot of inquisitive idiots
Information Anarchy? What? Do doctors complain about information anarchy when patients research treatments for diseases on the web?
Doesn't this guy realize that our systems are becoming more secure every day, now that people have to take worms, trojans, DoS attacks seriously? Maybe he should get back to securing Microsoft products and spend less time complaining about system admins trying to share info.
It's high time we stopped teaching Chemistry and Biology! People are spreading information that essentially maps out exactly how the human body works, which allows for all sorts of chemical and biological weapons! And explosives, too!
In other news, Master Lock wants to release a new model made out of twine and butter. They ask the community to avoid discussing the security of the lock, since they anticipate it getting deployed widely, and once the ButterLock is being used to secure mission-critical systems, it will be extremely important to keep its flaws a secret.
--
Mod up a post Rob doesn't like and you'll never mod again
In other news, Microsoft has purchased a secret weapon of vast destruction, code named Blamethrower. It strikes out at random targets, displacing reality at near the speed of light.
Zot!
Any connection between your reality and mine is purely coincidental.
What a great idea! Then all the malicious hackers will know how to exploit security holes, while those in charge of security won't. Wait a second...isn't that kind of like asking security guards not to carry guns, because those guns might hurt someone?
which is why you should always point with an open hand ;)
-
Ah yes, just found my "MSspin2english" translator. Let's see how those comments look now:
"It's high time that the security industry stopped pointing out all of the blatant security flaws in our programs", Culp writes. "Since we insist on developing OSes and highly-integrated applications tuned for usability, rather than security, we can't make as much money as we're accustomed to making, what with all of these viruses/worms targeted at our products."
Culp adds, "it's time that the security industry be held responsible for these worms and viruses, rather than the companies who make products such as ours. By pointing the finger at the amorphous 'security industry', we're better able to deflect blame for the recent rash of high-profile MS OS and web server exploits."
The pomposity of the professor is inversely proportional to the difficulty and importance of the subject being taught.
Microsoft Messenger
Microsoft Outlook
Microsoft Outlook Express
Microsoft Internet Explorer
Microsoft.........
"Yes," said kingdom spokesman Jim Dilldunnam, "the Emperor is aware of his nudity. But His Majesty's nakedness would not be a problem for the uneducated masses if you irresponsible media types would just cease telling them about it."
== Paul Rickard, Editor of The Microsoft Boycott Campaign ====
I think we should AGREE with Microsoft on this one and then go one step farther: call for a total silence from all security people about Microsoft products. Don't publish or report ANY bugs, holes, or security problems. But don't change a thing when it comes to full disclosure of other products.
A temporary negative side effect would be Microsoft would get a boost in marketing ("See, we don't have as many bugs as reports show other software packages/OSs do.").
The long-term positive effect would be Microsoft would no longer get free debugging by the community, and would end up suffering even more from security through obscurity while other software developers and open source packages would become more secure. In the long run, this would be of great benefit to everyone except Microsoft.
Let's do it! Total silence from now on about ALL Microsoft security problems/bugs/etc.
Holy shit...I wonder if they do have a nefarious plan to make Linus waste his resources protecting his trademark. After all, you gotta protect it, or you lose it... That's really scary.
Best. Comment. Ever. Enjoy!
That has to be the world's biggest cop out that I've ever seen. Pathetic! "Stop showing the smart people our sloppy code, they make it break!"
~LoudMusic
No sig for you. YOU GET NO SIG!
Probably the next thing in the MS EULA is:
Any SECURITY HOLE bundled with the SOFTWARE PRODUCT is the property of Microsoft and protected by copyright laws and international copyright treaties.
And it's high time that people insisted that the free speech community live up to its obligation to protect them from reality.
my other sig is a 500 page novel