Ok, enough with 9!! What's next? - Level Extreme

Plateforme Level Extreme

Abonnement

Profil corporatif

Produits & Services

Support

Légal

English

Ok, enough with 9!! What's next?

Message

De

15/04/2005 14:23:05

Jos Pols
C., Afrique du Sud

À

15/04/2005 14:06:29

Terry Thurber
R6Solutions
Houston, Texas, États-Unis

Information générale

Forum:

Visual FoxPro

Catégorie:

Autre

Titre:

Re: Ok, enough with 9!! What's next?

Versions des environnements

Visual FoxPro:

VFP 9

OS:

Windows XP SP2

Network:

Windows 2003 Server

Database:

Visual FoxPro

Divers

Thread ID:

01004046

Message ID:

01005263

Vues:

20

>>>Although I love a good conspiracy I think this one is unlikely in the extreme.
>>>
>>>Okay - I feel better now!:)
>>
>>Yeah so would I except for that Tempest system that can read my screen from a distance ... :)
>
>Maybe we should go back to paper tape!
>
>Another way to look at it - what if the "flaws" in IE and the OS, usually discovered overseas, were not really an "accidental oversite" issue, but intentional. What if MS never expected that 3rd parties would find them. Every release they've made has been shown to have "back doors", or, in the jargon of the IT press, "security holes".

The security holes look bad for MS. Software is complex. Security holes are not back doors. This comparison is too simple.

>What would plan "B"? Mine would be to do a better job (next time) at hiding them! THey have really good engineers at Microsoft.

So do the rest of the non-MS gang.

>Their stuff is pretty magical. So how could those same engineers missed those so called "security holes"?

Becuase the code is complex.

>One monday, last month, microsoft had 8 (count `em, eight) patches on the queue for the download.

Because writing an o/s is about a gazillion times more complicated than what probably most anyone themselves writes :)

>Why does Microsoft get so excited when a nerd publishes the code to take advantage of the "security holes"?

Because it makes their product look bad and by comparison other products like Apache and Linux look good.

>Thats what they (MS) should have done. It would have notified administrators of the problem.

What, all 10 million of them (or whatever staggering number it is? :)

>What better way do demonstrate a security issue than publish the code that can defeat it. At least it would kick start the effort to fix it.

This is an old debate of total disclosure vs. non-disclosure. I am also for disclosure only because of arguments put forward by industry leaders like Bruce Schneier.

>Things are desperate. Ethics are usually the first to jump ship!:)

This is true but MS are not desparate enough to be so stupid. It would not be difficult once a "security hole" is found to show that it exists on purpose (or not). How can the hole be exploited? By who?

Ms are bright enough to know that there are lots of bright people watching their bright people.

In the End, we will remember not the words of our enemies, but the silence of our friends - Martin Luther King, Jr.

Click here to load this message in the networking platform