Slashdot Mirror


GDI Vulnerabilities: An Open Letter to Microsoft

UnderAttack writes "Tom Liston, the guy that brought us the LaBrea Tarpit, wrote an open letter to Microsoft regarding the GDI JPEG vulnerability, and Microsoft's scanning tool for this vulnerability, which he calls 'worse then useless'. Tom, who wrote his own scanning tool, ends his letter with 'Please stop treating your customers like idiots and give us information; information that we can use.' As Tom explains, the official Microsoft scanning tool misses a lot of vulnerable DLLs installed by third parties, and Microsoft fails to explain if these libraries are a problem or not."

9 of 444 comments

  1. They don't treat their customers like idiots by Feminist-Mom · · Score: -1, Redundant

    I use XP and it works fine. True I have to install security patches now and then, but it does for me what I need. Any big company is going to have troubles like these.

  2. Yeah, right. by Anonymous Coward · · Score: -1, Redundant

    What a moron.

    Why should Microsoft be responsible for checking third party libraries?

    Oracle probably doesn't check for DB2 vulnerabilities either.

  3. GDI Vulnerabilities by Anonymous Coward · · Score: -1, Redundant

    How is MS responsible for 3rd party DLLs? Why don't you contact the 3rd party vendors and ask them whether this bug affects their application or not? Writing an open letter to MS would do no good.

  4. Re:Hate to quote a quote but... by 42sd · · Score: 0, Redundant

    I think it should be 'worse than useless'
    Their you go.

    Just a simple grammar error.

    (..yes it was intentional.. laugh)

  5. Dear Michael, you suck by mrvis · · Score: -1, Redundant

    "Worse then useless" would mean that something is worse, then it is followed by useless.

    "Worse than useless" which is the actual quote, is correct English.

  6. Wrong quote by Nybble's+Byte · · Score: -1, Redundant

    He didn't say it is worse THEN useless, he said it is worse THAN useless.

    Learn how to spell! If we don't do so, how can we expect others to learn and use our language correctly?

  7. Re:er, by flushtwice · · Score: 0, Redundant

    So, is Linus going to put out an advisory that there may be some random exploit in the Gimp...

    OK, let's get a few things straight: You start with Linux as the kernel, and Linus wrote that... Then other people (like RMS) came along and started bundling it with an OS, and we call them GNU/Linux, then still more people customized those things into distros with additional software written by completely separate entities (such as "The Gimp"), so to make a long story short: Linus is not responsible for programs like "The Gimp" ever!

    It's not like Microsoft. The various distros contain software written by literally thousands of contributors, and Linus is just one of them. He really can't even stop people from releasing modified versions of his own code so long as they follow the guidelines of the GPL.

  8. Amusing, but... by JustNiz · · Score: 0, Redundant

    I bet he won't get a response from anyone at Micro$oft who matters...

  9. Re:Rules for this story by rd_syringe · · Score: 0, Redundant

    Interesting that you completely disregarded point #3.