Slashdot Mirror


GDI Vulnerabilities: An Open Letter to Microsoft

UnderAttack writes "Tom Liston, the guy that brought us the LaBrea Tarpit, wrote an open letter to Microsoft regarding the GDI JPEG vulnerability, and Microsoft's scanning tool for this vulnerability, which he calls 'worse than useless'. Tom, who wrote his own scanning tool, ends his letter with 'Please stop treating your customers like idiots and give us information; information that we can use.' Like Tom explains, the official Microsoft scanning tool misses a lot of vulnerable DLLs installed by third parties, and Microsoft fails to explain if these libraries are a problem or not."

8 of 444 comments

  1. But Microsoft customers are idiots by Hot+Summer+Nights · · Score: -1, Flamebait

    Everyone on Slashdot knows that.

    --
    Karma: Terrible - and proud of it!
  2. Re:er, by Zambarra · · Score: 0, Flamebait

    er, by creating a fucked up homogenous environment which encourages or rather beats 3rd parties into writing crappy software?

  3. Re:It's actually a tough job even on Linux by Anonymous Coward · · Score: -1, Flamebait

    RTFCL!!!

  4. Re:No Warranty Implied by Zebbers · · Score: 0, Flamebait

    You dumbass. MS SELLS THEIRS. As A PRODUCT. His is a free gift, a tool. There is a fundamental difference.

  5. Re: Your quote by ConceptJunkie · · Score: 0, Flamebait

    You aren't willing (or able) to back up your claims? Come clean, are you really Dan Rather?

    --
    You are in a maze of twisty little passages, all alike.
  6. Re:This is NOT just a Microsoft bug! by Anonymous Coward · · Score: -1, Flamebait

    Who cares! Microsoft should burn in hell for this, no matter whose fault it is. Let's converge on their headquarter steps and demand the heads of their executives, and rip them to shreds!

    AAAARRRRGGGGHHHHHHH!!!!

  7. This is pointless by Anonymous Coward · · Score: -1, Flamebait

    This whole discussion is a waste of time. Anybody who cares about the security of his/her computer is either not running Windows at all, or is behind a firewall.

    Most people don't really care about security, because they have never thought through the consequences of a break-in.

  8. Re:Hate to quote a quote but... by danheskett · · Score: -1, Flamebait

    I want to know what law is violated by publishing crappy software. Is that so hard to understand?

    The poster implied that this was almost criminally negligent. I want to know if he just made that up for dramatic effect or not.

    For example, the definition of "criminal negligence" is:

    gross deviation from the standard of care expected of a reasonable person that is manifest in a failure to protect others from a risk (as of death) deriving from one's conduct and that renders one criminally liable; called also culpable negligence

    I am asking what standard of care is expected from MS? And what is the manifest risk here?

    Get it? What type of loser are you? Can't take discussion if it possibly maybe in some way disrupts your preconceived notions?

    Aww. Imagine that. I am asking someone to back up a legal claim. Some people are actually lawyers, you know.