Microsoft Sits on Security Flaw for Six Months

Greg Rundlett greg at freephile.com
Wed Feb 11 09:48:36 EST 2004 

What can we do as a Free Software community to take this opportunity to 
offer the many fine alternatives?

I would expect a full-court press from the likes of RedHat, IBM and 
Novell, but it seems to me that the press in general has yet to become 
aquainted with the viability of Debian/RedHat/Suse/Knoppix/whatever as a 
way to get off this never-ending train wreck called Microsoft.

I would urge all of us to take a very professional position that (insert 
your favorite solution) is a great way to instill a higher level of 
security and freedom into personal and business computing environments.  
The real key here is how long it took Microsoft to respond to this 
critical threat (leaving customers out to dry for six months) while 
security issues in the Free Software world are fixed by a world-wide 
team of developers, often literally overnight.

If you have press contacts, or business contacts, or a website, you may 
want to take a moment to advocate for Free Software in the face of this 
security debacle.  As a society, we can't afford to have our electric 
utilities, government and business systems at risk of these persistent 
perils that are inherent in proprietary software.

- Greg


David Kramer wrote:

>From /.
>
>Posted by michael on Tuesday February 10, @04:13PM
>from the you've-already-been-hacked dept.
>pmf writes "Yet another critical vulnerability affecting Windows 2000/XP/2003 
>has been just announced by eEye. It is worthy to note, that it took Microsoft 
>over 6 months to fix it. The bug affects ASN.1 library and is remotely 
>exploitable through authentication subsystems (Kerberos, NTLMv2) and 
>applications that make use of SSL certificates." The AP has an overview.
>
>http://www.eeye.com/html/Research/Advisories/AD20040210.html
>http://www.microsoft.com/technet/security/bulletin/MS04-007.asp
>http://apnews.myway.com//article/20040210/D80KJ01G1.html
>
>----------------------------------------------------------------------------
>DDDD   David Kramer         david at thekramers.net       http://thekramers.net
>DK KD     One last warning: don't believe anything that you read in this
>DKK D     document.  Every effort has been made to ensure that this document 
>DK KD     is incomplete and inaccurate, and I take no responsibility for an
>DDDD      glimmers of correct information that may, by some fluke, be here.
>                                                       UW_IMAP documentation
>_______________________________________________
>Discuss mailing list
>Discuss at blu.org
>http://www.blu.org/mailman/listinfo/discuss
>
>
>  
>

-- 
FREePHILE
We are 'Open' for Business
Free and Open Source Software
http://www.freephile.com
(978) 270-2425
Nothing succeeds like the appearance of success.
		-- Christopher Lascl

More information about the Discuss mailing list