-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Microsoft vulnerabilities: full disclosure and no disclosure
,----[ Quote ]
| Following on from full disclosure,
| Microsoft now has a new disclosure variant
| to contend with â no disclosure. French
| security services provider VUPEN claims
| to have discovered two critical security
| vulnerabilities in the recently released
| Office 2010 â but has passed information
| on the vulnerabilities and advice on
| mitigation to its own customers only. For
| now, the company does not intend to fill
| Microsoft in on the details, as they
| consider the quid pro quo â a mention in
| the credits in the security bulletin â
| inadequate.
`----
http://www.h-online.com/security/news/item/Microsoft-vulnerabilities-full-disclosure-and-no-disclosure-1033551.html
Spurned security researchers form anti-MS collective
,----[ Quote ]
| Security researchers irked by how
| Microsoft responded to Google engineer
| Tavis Ormany's public disclosure of a
| zero-day Windows XP Help Center security
| bug have banded together to form a group
| called the Microsoft Spurned Researcher
| Collective*.
|
| The group is forming a "union" in the
| belief that together they will be better
| placed to handle flak from Redmond and
| elsewhere following the publication of
| security flaws. A statement, published by
| The Windows Club blog, explains the
| Collective's stance.
|
| âDue to hostility toward security
| researchers, the most recent example being
| of Tavis Ormandy, a number of us from the
| industry (and some not from the industry)
| have come together to form MSRC: the
| Microsoft-Spurned Researcher Collective,"
| it said. "MSRC will fully disclose
| vulnerability information discovered in
| our free time, free from retaliation
| against us or any inferred employer.â
`----
http://www.theregister.co.uk/2010/07/06/ms_spurned_research_collective/
Recent:
Microsoft Office 2010 Security Flaw Reportedly Found
,----[ Quote ]
| Researchers at Vupen Security say they have
| uncovered a security vulnerability in
| Microsoft Office 2010. However, their
| discovery has been met with criticism from
| Microsoft, which complains that it has not
| received technical details of the bug.
`----
http://www.eweek.com/c/a/Security/Microsoft-Office-2010-Security-Bug-Reportedly-Found-323576/
Microsoft issues 'silent' patches; AT&T to pay for slow DSL speeds
http://www.networkworld.com/podcasts/360/2010/050610-nw360-daily.html
Microsoft "silently" patches vulnerabilities, leaves admins in the dark
http://www.zdnet.com/blog/hardware/microsoft-silently-patches-vulnerabilities-leaves-admins-in-the-dark/8239
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkw3J1IACgkQU4xAY3RXLo5cWgCePBPpoYxaMScTdRrRM0oRE3Zv
LR0AoJI0VpYg90dPVUXWDnKf2GM+BfQq
=DqvN
-----END PGP SIGNATURE-----
|
|
