Thursday, April 20, 2006

The Dark Side of Patching

Ryan Naraine has a great article over at eWeek.

Microsoft has 'fessed up to hiding details on software vulnerabilities that are discovered internally, insisting that full disclosure of every security-related product change only serves to aid attackers.

I love it. Microsoft once said that all exploits come from reversed patches and now it seems they believe the exact opposite. Can't they just sit in the middle and understand that both happen?

Blackhats have zero-days that Microsoft "may" find and fix internally. Microsoft itself has detected unknown hackers using unknown vulnerabilities in the wild; the JView bug discovered by Microsoft's honeymonkey project is one example.

But once a patch is released, the whole world has the vulnerability. There are places on the internet that tell you step by step how to do a binary diff on patches. Therefore, there is no such thing as a silent fix.

For Microsoft to keep silent about the issue after the patch is released only hurts their customers. Period.

Hopefully once we get Microsoft right on the issue, we can all move to Apple and start over.
