Results 1 to 2 of 2

Thread: MS - Trustworthy Computing

  1. #1
    Senior Member
    Join Date
    Jun 2002

    MS - Trustworthy Computing

    Those of us who follow technology current events are aware of Microsoft's recent push to make security one of its top priorities. In an e-mail sent to employees last January, Microsoft chairman Bill Gates told employees to shift gears and put more resources into making products more secure, rather than adding features.

    Gates said: "When we face a choice between adding features and resolving security issues, we need to choose security. Our products should emphasize security right out of the box."

    The change in software focus -- which the company has labeled "Trustworthy Computing" -- came shortly after Microsoft experienced a severe rash of security, reliability and privacy-related problems, which plagued its already-troubled reputation.

    Considering this new shift to a security over functionality policy, I think it highly ironic that this appeared in my inbox from the BugTraq mailing list:

    Less then 10 hours After i Post This message on BugTraq
    Hotmail Cancelled My Hotmail Account (my Primary email account).
    ...after this person posted a working demonstration of a vulnerability in IE6. This vuln in IE6 enabled the web site to obtain your MSN Messenger contact list and the status of your email. He didn't discover this bug apparently, as his demo is an exploit of a pre-existing vulnerability.

    Access Denied to Hotmail Account
    Demonstration of Vulnerabilities

    The purpose of cancelling his Hotmail account completely escapes me. It doesn't solve the bug, his demos are still up, and it really just shows what a childish organisation Microsoft is. If they sent him an email saying 'We are working on the vuln, nice demos, but do you mind taking them down while we fix the problem' then that would be understandable, as well as productive. It would show that Microsoft is willing to work with people, instead of doing something juvenile like this. If they want to truly implement 'trustworthy computing' they will need to build bridges with the 'hacking' (loathe to use that word) community.

    Do you guys think this was a reasonable gesture on MS part?

  2. #2
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Beverwijk Netherlands
    I agree totaly.

    Removing his hotmail account (was it a free or a paid one??) is a realy nasty demonstration of microsofts pollicy of Security thrue obscurity.

    This was totaly un called for, those kind of things make me on Microsoft.

    Some companies I know even upgrade your account if you show them vulnerabilities in their services, but that has never been the Microsoft way, I guess...
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts