[17903] in bugtraq
Re: Microsoft Security Bulletin MS00-092
daemon@ATHENA.MIT.EDU (Forrest J. Cavalier III)
Mon Dec 4 14:14:42 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Message-Id: <200012020458.eB24wjd26886@bean.epix.net>
Date: Fri, 1 Dec 2000 23:58:02 -0500
Reply-To: forrest@mibsoftware.com
From: "Forrest J. Cavalier III" <mibsoft@MIBSOFTWARE.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
I dislike this new format of MS security bulletins.
1. First, I am annoyed. It is more convenient to quick scan
details in an email, rather than open up a browser.
There must be many people who still read their email off-line.
Also MS00-92 did not show as clickable links (because of the
omission of "http://"), but, maybe I should just be happy that
I don't have to enable javascript to read the page.
Then I started thinking a little more, and thought
there were some additional problems with providing
just a URL, and few, if any details.
2. Will this URL work a year from now, with any plain
HTML browser?
Microsoft has had a habit of moving things
around on their web sites, and then not providing
redirects.
(They've been better at this recently, to be sure,
but there was a time that microsoft URLs had a half-life
of a few months. And occasionally required enabling
javascript.)
3. Will we have to pay to access this URL a year from now?
4. Will Microsoft announce every correction/clarification in email, or
will they sometimes update the web page silently (the way they sometimes
seem to update and pull patches)?
I hope that the original discoverers of these vulnerabilities
continue to publish details, or at least summaries in email.
If I get a vote, I vote to return to the old format.
--
Forrest J. Cavalier III, Mib Software Voice 570-992-8824
http://www.rocketaware.com/ has over 30,000 links to
source, libraries, functions, applications, and documentation.
