[25615] in bugtraq
Re: To Provide a Patch or to Service Pack?
daemon@ATHENA.MIT.EDU (ellipse)
Thu May 30 14:33:37 2002
Date: Thu, 30 May 2002 08:16:21 +0000
From: ellipse <ellipse@cipherpunks.com>
To: Georgi Guninski <guninski@guninski.com>
Cc: bugtraq@securityfocus.com
Message-ID: <20020530081621.A70503@cipherpunks.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3CF637D9.2070503@guninski.com>; from guninski@guninski.com on Thu, May 30, 2002 at 05:31:53PM +0300
> In case you have missed it, check:
> http://www.eweek.com/article/0,3658,s%253D701%2526a%253D26875,00.asp
> "...He later acknowledged that some Microsoft code was so flawed it could not be
> safely disclosed..."
What an interesting bit of hogwash and pork-barrel politics this is turning into.
"... Unlike the states' proposed remedy, the federal settlement proposal that Microsoft and the Department of Justice agreed to in November contains a carve-out that permits Microsoft to withhold API and protocol disclosures if such disclosures would compromise security. The provision is designed to address hackers, viruses and piracy, according to Allchin. ... During his second day on the stand, Allchin conceded that Microsoft has already identified at least one protocol and two APIs that it plans to withhold from public disclosure under the security carve-out."
Find a bug, and help soften the blow against us in the anti-trust case! All in the name of security!
