GDI Vulnerabilities: An Open Letter to Microsoft

UnderAttack writes "Tom Liston, the guy that brought us the LaBrea Tarpit, wrote an open letter to Microsoft regarding the GDI JPEG vulnerability, and Microsoft's scanning tool for this vulnerability, which he calls 'worse then useless'. Tom, who wrote his own scanning tool, ends his letter with 'Please stop treating your customers like idiots and give us information; information that we can use.' Like Tom explains, the official Microsoft scanning tool misses a lot of vulnerable DLL's installed by third parties, and Microsoft fails to explain if these libraries are a problem or not."

Re: Your quote

[ConceptJunkie]

Liberal (adj.): Free from bigotry; open to progress; tolerant of others.

So you're saying most lefties really aren't liberals, and a lot of conservatives are? That would be my conclusion.

Rules for this story

[rd_syringe]

I feel the need to lay out some ground rules before we go on:

1.) Microsoft is somehow responsible for all third-party DLLs on a system. Their scanner must contain a self-sufficient, learning AI that just "knows" which DLLs to scan on any system in existence.

2.) Mozilla was affected by this same vulnerability, but it's okay because it's Mozilla and not Microsoft.

3.) When Mozilla's XUL bug was marked "Confidential" since 1999 only to be revealed earlier this year when exploits came out for it, that's okay too. There won't be any "open letters" to Mozilla over it, because it's Mozilla and not Microsoft.

I hope we can all follow these simple ground rules in the discussion to follow. Thank you.