Outlook bug exposes private appointments
,----[ Quote ]
| He reported the bug to Microsoft Finland some time ago but so far the
| outfit hasn't graced him with an answer. He has asked us to alert
| you to the potential problem.
`----
http://www.theinquirer.net/default.aspx?article=40653
CSRF Bug Runs Rampant
,----[ Quote ]
| It was only a matter of time before the cross-site request forgery
| (CSRF) floodgates would open: A security appliance firm has found the
| wily bug in products from eight security vendors, including Check
| Point Software's Safe@Office Unified Threat Management device, versions
| 7.0.39X and prior.
`----
http://www.darkreading.com/document.asp?doc_id=127731&WT.svl=news1_1
Microsoft sits on its high throne and refuse to listen to people that report
bugs. This isn't the first time. There was a story a while back about a person
who spent half an hour trying to report a bug over the phone (to no avail).
Related:
Microsoft : Arrogance leads to Vulnerability
,----[ Quote ]
| Chatting with the Microsoft senior sales people, I was struck by
| their incredible arrogance. They know the company?s products are good,
| but they have no qualms whatsoever about charging top dollar as a
| result.
|
| It reminds us how Microsoft used to behave when it comes to their
| products' security records. IE5 and 6 were nothing short of being
| proper Swiss Cheese with loads of holes in them but hey, they had 95%
| of the browser market at that time and couldn't care less.
`----
http://securityblog.itproportal.com/?p=514
|
|