Microsoftheaded, hugely stupid

Jerry Feldman gaf at blu.org
Thu Sep 18 16:22:09 EDT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

That was a Worm. The email looks very legitimate, just like it comes
from MSFT, but the attachment is a virus. Fortunately, they do not
affect Linux.

On Thu, 18 Sep 2003 16:10:53 -0400
Jon maddog Hall <maddog at li.org> wrote:

> So, I am not really a "security minded person".  Those people I
> usually simply bow to and hope that the patches come out fast enough
> that I can apply them and protect my system.  But I do expect a
> certain amount of decorum in getting those patches.  Usually it means
> going to some protected site and doing something reasonable.
> 
> A few minutes ago I get two email messages in rapid succession.
> 
> One has the subject line "Current Update", the other has a subject
> line "Current Microsoft Critical Upgrade".  Both propose to fix "all
> known security vulnerabilities affecting MS Internet Explorer, MS
> Outlook and MS Outlook Express as well as three newly discovered
> vulnerabilities."
> 
> Both letters delivered the patches directly, via email.  Neither
> letter described a way that I could tell if the patch had been
> tampered with, or even if the patch had actually come from Microsoft.
> 
> Each letter had a different file attached, with a different name.  If
> they both fix "all known problems", why do I have two with different
> names, different lengths, etc.?
> 
> Now, I have no real problem in believing that these patches really did
> come from Microsoft, which actually makes the problem worse instead of
> better.
> 
> Why would a major software company really believe that anyone who
> could say the word "secure" would apply this patch that came through
> the email this way?  And if they believe that no real security person
> would, then why bother sending it?  If they get Mom&Pop installing
> patches this way, what happens when the very first "spoofer" hits
> Mom&Pop with what looks like a patch from Microsoft?
> 
> It just makes Microsoft look even more clueless.
> 
> The really great part is that I don't have any Microsoft products
> anymore. I just stay on their mailing lists to see what other
> incredible things they do.
> 
> md
> -- 
> Jon "maddog" Hall
> Executive Director           Linux(R) International
> email: maddog at li.org         80 Amherst St. 
> Voice: +1.603.672.4557       Amherst, N.H. 03031-3032 U.S.A.
> WWW: http://www.li.org
> 
> Board Member: Uniforum Association, USENIX Association
> 
> (R)Linux is a registered trademark of Linus Torvalds in several
> countries. UNIX is a registered trademark of The Open Group in the US
> and other countries.
> 
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss at mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
> 


- -- 
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix user group
http://www.blu.org PGP key id:C5061EA9
PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQE/ahPx+wA+1cUGHqkRAjDPAJ0SPLQlrHj9mFZYMMUY7m1kEuLPBgCcDEBf
J0w1ZtlQ30NcS3/RojWjSgo=
=GkJX
-----END PGP SIGNATURE-----
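
A mail-filter check for the pattern discussed in this thread (a message presented as a software update that carries the program itself as an attachment), added here as an illustration and not part of either poster's message. The extension list, keyword list, addresses and attachment names are assumptions constructed for the example.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows runs directly when a file is opened (assumed, not exhaustive).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
# Subject words that present a mail as a vendor fix (assumed list).
LURE_WORDS = ("update", "upgrade", "patch", "hotfix")


def executable_attachments(msg):
    """File names of every MIME part, at any nesting depth, that would execute."""
    names = []
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if name.endswith(EXECUTABLE_EXTS):
            names.append(name)
    return names


def assess(raw):
    """Return (suspicious, reasons) for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").lower()
    exes = executable_attachments(msg)
    reasons = []
    if exes:
        reasons.append("executable attachment: " + ", ".join(exes))
    if exes and any(word in subject for word in LURE_WORDS):
        reasons.append("subject presents the attachment as a software fix")
    # An executable attachment alone is enough to quarantine; the lure is context.
    return bool(exes), reasons


def build_sample(subject, filename):
    """Constructed test message; the attachment bytes are inert filler."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "reader@example.org"
    msg["Subject"] = subject
    msg.set_content("Please install the attached file.")
    msg.add_attachment(b"constructed filler, not a program",
                       maintype="application", subtype="octet-stream",
                       filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for subj, name in [("Current Microsoft Critical Upgrade", "constructed-upgrade.exe"),
                       ("Meeting notes", "notes.txt")]:
        print(subj, "->", assess(build_sample(subj, name)))
```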


