[OT] Micro$oft versus security

Thomas E. Spanjaard tgen at netphreax.net
Thu Sep 22 08:20:22 PDT 2005


walt wrote:
Okay, that's why I asked -- I didn't know that.  But why take a year
to break a secure hash when you can use a buffer overrun to gain
access to ten thousand Windows machines in a few minutes ;o)
Same can be said of the hundreds of thousands of Apache installations 
out there. And Microsoft really works on those kind of issues, but 
they're not something their third party developers can work on (as far 
as Microsoft-code is concerned). Microsoft however can give advises to 
those developers about secure practices, and no doubt buffer overflow 
issues have been mentioned to them for several years now. It's only 
because of 'recent' policy change that you actually see Microsoft 
publishing this.

Cheers,
--
		-- Thomas E. Spanjaard
		   tgen at xxxxxxxxxxxxx
Attachment:
signature.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pgp00017.pgp
Type: application/octet-stream
Size: 187 bytes
Desc: "Description: OpenPGP digital signature"
URL: <http://lists.dragonflybsd.org/pipermail/users/attachments/20050922/40579249/attachment-0019.obj>


More information about the Users mailing list