Microsoftheaded, hugely stupid

Travis Roy travis at scootz.net
Thu Sep 18 18:41:56 EDT 2003


Any chance you can send the headers of these emails to the list for us 
to take a look at?


On Thursday, September 18, 2003, at 04:10 PM, Jon maddog Hall wrote:

> So, I am not really a "security minded person".  Those people I usually
> simply bow to and hope that the patches come out fast enough that I can apply
> them and protect my system.  But I do expect a certain amount of decorum
> in getting those patches.  Usually it means going to some protected site
> and doing something reasonable.
>
> A few minutes ago I get two email messages in rapid succession.
>
> One has the subject line "Current Update", the other has a subject line
> "Current Microsoft Critical Upgrade".  Both propose to fix "all known
> security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS
> Outlook Express as well as three newly discovered vulnerabilities."
>
> Both letters delivered the patches directly, via email.  Neither letter
> described a way that I could tell if the patch had been tampered with, or even
> if the patch had actually come from Microsoft.
>
> Each letter had a different file attached, with a different name.  If they
> both fix "all known problems", why do I have two with different names,
> different lengths, etc.
>
> Now, I have no real problem in believing that these patches really did come
> from Microsoft, which actually makes the problem worse instead of better.
>
> Why would a major software company really believe that anyone who could
> say the word "secure" would apply this patch that came through the email this
> way?  And if they believe that no real security person would, then why bother
> sending it?  If they get Mom&Pop installing patches this way, what happens
> when the very first "spoofer" hits Mom&Pop with what looks like a patch
> from Microsoft?
>
> It just makes Microsoft look even more clueless.
>
> The really great part is that I don't have any Microsoft products anymore.
> I just stay on their mailing lists to see what other incredible things they
> do.
>
> md
> -- 
> Jon "maddog" Hall
> Executive Director           Linux(R) International
> email: maddog at li.org         80 Amherst St.
> Voice: +1.603.672.4557       Amherst, N.H. 03031-3032 U.S.A.
> WWW: http://www.li.org
>
> Board Member: Uniforum Association, USENIX Association
>
> (R)Linux is a registered trademark of Linus Torvalds in several countries.
> UNIX is a registered trademark of The Open Group in the US and other countries.



