[13450] in bugtraq
Re: Microsoft Security Bulletin (MS00-005)
daemon@ATHENA.MIT.EDU (Brock Tellier)
Thu Jan 20 16:25:17 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Message-Id: <20000119181805.24702.qmail@nwcst314.netaddress.usa.net>
Date: Wed, 19 Jan 2000 12:18:05 CST
Reply-To: Brock Tellier <btellier@USA.NET>
From: Brock Tellier <btellier@USA.NET>
X-To: Pauli Ojanpera <pauli_ojanpera@HOTMAIL.COM>,
BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Content-Transfer-Encoding: 8bit
Pauli Ojanpera <pauli_ojanpera@HOTMAIL.COM> wrote:
>
> They failed to mention me!
>
> If Microsucks wants users to audit their shit they should
> at least give the credit to whom the credit is due. Fix
> http://www.microsoft.com/security/bulletins/MS00-005faq.asp
> credits also.
This seems to be the trend among bloated, closed-source OS's like Microsoft's
Windows and, in my case, SCO's UnixWare/OpenServer. Although the hackers on
Bugtraq have done more to help their products than their entire team of
well-paid engineers, we recieve absolutely no credit. Credit shouldn't be
given in order to inflate egos, but instead to point out to those who aren't
on the mailing list that Microsoft did not find the hole in question, that the
real work was done by someone else. Simply because MS/SCO doesn't post source
code in their own advisories doesn't mean they shouldn't have to give credit.
Whatever happened to intellectual property? By posting our ideas without due
credit, they are stealing our work and degrading our efforts.
Meanwhile, kudos to some of the vendors who've attempted to do the right
thing. From personal experience, SuSE and FreeBSD come to mind.
Brock Tellier
UNIX Systems Administrator
Chicago, IL, USA
btellier@usa.net
____________________________________________________________________
Get free email and a permanent address at http://www.netaddress.com/?N=1
