BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Microsoft Sits on Security Flaw for Six Months

Subject: Microsoft Sits on Security Flaw for Six Months
From: greg at freephile.com (Greg Rundlett)
Date: Wed, 11 Feb 2004 09:48:36 -0500
In-reply-to: <200402110736.10188.david@thekramers.net>
References: <200402110736.10188.david@thekramers.net>

What can we do as a Free Software community to take this opportunity to 
offer the many fine alternatives?

I would expect a full-court press from the likes of RedHat, IBM and 
Novell, but it seems to me that the press in general has yet to become 
aquainted with the viability of Debian/RedHat/Suse/Knoppix/whatever as a 
way to get off this never-ending train wreck called Microsoft.

I would urge all of us to take a very professional position that (insert 
your favorite solution) is a great way to instill a higher level of 
security and freedom into personal and business computing environments.  
The real key here is how long it took Microsoft to respond to this 
critical threat (leaving customers out to dry for six months) while 
security issues in the Free Software world are fixed by a world-wide 
team of developers, often literally overnight.

If you have press contacts, or business contacts, or a website, you may 
want to take a moment to advocate for Free Software in the face of this 
security debacle.  As a society, we can't afford to have our electric 
utilities, government and business systems at risk of these persistent 
perils that are inherent in proprietary software.

- Greg

David Kramer wrote:

>From /.
>
>Posted by michael on Tuesday February 10, @04:13PM
>from the you've-already-been-hacked dept.
>pmf writes "Yet another critical vulnerability affecting Windows 2000/XP/2003 
>has been just announced by eEye. It is worthy to note, that it took Microsoft 
>over 6 months to fix it. The bug affects ASN.1 library and is remotely 
>exploitable through authentication subsystems (Kerberos, NTLMv2) and 
>applications that make use of SSL certificates." The AP has an overview.
>
>http://www.eeye.com/html/Research/Advisories/AD20040210.html
>http://www.microsoft.com/technet/security/bulletin/MS04-007.asp
>http://apnews.myway.com//article/20040210/D80KJ01G1.html
>
>----------------------------------------------------------------------------
>DDDD   David Kramer         david at thekramers.net       http://thekramers.net
>DK KD     One last warning: don't believe anything that you read in this
>DKK D     document.  Every effort has been made to ensure that this document 
>DK KD     is incomplete and inaccurate, and I take no responsibility for an
>DDDD      glimmers of correct information that may, by some fluke, be here.
>                                                       UW_IMAP documentation
>_______________________________________________
>Discuss mailing list
>Discuss at blu.org
>http://www.blu.org/mailman/listinfo/discuss
>
>
>  
>

-- 
FREePHILE
We are 'Open' for Business
Free and Open Source Software
http://www.freephile.com
(978) 270-2425
Nothing succeeds like the appearance of success.
		-- Christopher Lascl

References:
- Microsoft Sits on Security Flaw for Six Months
  - From: david at thekramers.net (David Kramer)

Prev by Date: Banning IPs from Apache?
Next by Date: Banning IPs from Apache?
Previous by thread: Microsoft Sits on Security Flaw for Six Months
Next by thread: Gentoo: Installing / Administering on Multiple Machines
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org