They should at least have the chance to do it. For me, 72 hours seems like a reasonable timeframe for Microsoft to reply to his report. If they didn't, _THEN_ go public.
Aren't we in 2004 yet?
I'll just get a couple of 80GB drives and RAID them. So, yes, it is a good thing, if the prices go down, and they did go down. (Heck, I paid ~USD1400 for that Pentium 100MHz, back then)
For the few that only need 15GB and reliability, yes, it is a bad thing. But for the majority of us, cheaper/bigger drives are better.
Dude! You forgot about the goats! How can you talk about sex and forget the goats?!
Yes, but you can write umpteen times on a hard drive, which would mean WORM media would have to be at least a hundred times cheaper than WMRM media for it to be "cheap enough".
1. That's not true. I remember that I got my first x86 back in '96, it was a Pentium 100MHz with a 4GB hard drive. Today's common processors are more than 20 times faster than that, but a common drive is around 80GB.
2. I agree with the first bit, see #1 for the last part.
3. They're out to get me! They really are!
4. Increased storage capacity means storage space becomes cheaper, not that it becomes available. I could get 10TB of storage space today, but that doesn't mean I can afford it.
For somebody of your 'high IQ', I find it funny that you don't know that Europe isn't a country and that Poland is part of Europe. (And the EU, at that!)
Notice how I never said anything about the bugs themselves, just about the way they were reported. It doesn't matter what company we're talking about, you should give them time to solve the problem before releasing to the outside world. If they don't, it's their problem, but it's your responsibility as a security 'expert' to report it to the vendor/developer _first_.
12 year olds generally are vindictive, much like yourself. And they don't like to take responsibility for their actions, either. Does this sound familiar?
"there are a LOT of Chinese that want to live normal lives in a normal house, and raise their families like we do here in the USA"
That's because there are a lot of Chinese, period.
And not so many people that live in the USA, contrary to popular belief.
If you want absolute security, please lock your machine in a vault, throw it in the ocean and it'll probably be safe.
What are the chances of it being exploited in the $time it takes developers to come up with a patch, by this black hat who knows about the bug, but didn't exploit it before the bug was reported?
That's daft, to say the least. The vulnerability was there, whether you knew about it or not.
If he would've reported it to the vendor (in this case Microsoft), it wouldn't have been 'a known hole', but to the Microsoft developers. They would've come up with a patch and you could've spared your company the trouble of explaining why they had to take down their webserver for half a day, while a patch was developed/tested.
As for 'why I don't use Microsoft software anymore', that's also stupid. You think other companies don't face these kinds of problems?
He should have at least tried to go down that route. My guess is he wanted his five minutes in the spotlight so he decided to make it public instead of sending them to Microsoft.
Let's not forget 2.6.0-test11.
The small gods will hear it!
That just means you haven't spent enough time alone. Give it another year or so.
You never having been 'pwned' in BitchX has nothing to do with it, the bugs were there.
Doesn't this kind of defeat the purpose of running ServerMask? I mean, yes, you could run Apache and send that, but why bother?
Sort of like the standard BitchX practise of pretending you are mIRC.
Too bad BitchX had more security flaws than mIRC.
It's going to help for the same reason their survey managed to show so many companies are running IIS on their servers. Because management will say "Oh, look! Shiny IIS! And they're used by X% of them Big Companies!" and go for IIS solutions.
*coughs* It's a holiday? Why, I must've missed that memo! Blast it, I'm here at work while all you people are enjoying this holiday thing!
Oh. Wait. Could it be that not everybody lives in the US?