2001-07-16 15:53:41+00 by Dan Lyke 2 comments

Via David Chess (who usually talks about interesting legal stuff and not these techie things), two approaches to a pretty nasty Windows XP/Outlook security hole. Microsoft's take on the bug, and their solution, is drastically different from Georgi Guninski's take on the bug, and his solution: "Uninstall Office XP and Windows." What's interesting is that for a simple JavaScript crack Microsoft says: "The person who discovered this vulnerability has chosen to handle it irresponsibly, and has deliberately made this issue public only a few days after reporting it to Microsoft" when, frankly, three days seems like more than enough time for some script kiddie to have discovered this exploit on their own.

Comments in ascending chronological order:

#Comment made: 2002-02-21 05:32:14+00 by: ebradway

Is it not common practice to report exploits so people can defend against them? Or does Microsoft think they can get everyone using that software combination to upgrade to a new version sooner?

#Comment made: 2002-02-21 05:32:15+00 by: Dylan

It is common practice, but Microsuck always likes to milk it for as much "look what we're doing to protect you" value as they can get...which is funny considering that a bit of due diligence in dev/QA would keep these things from getting out the door. It's not like they couldn't hire a white hat like everyone else *before* releasing.

But MS likes to release alpha code as gold, always has...look at Win95 before OSR2...and the pathetic thing is they get away with it.