Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] How to Report a Security Vulnerability to Microsof

from [tuytumadre] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] How to Report a Security Vulnerability to Microsoft
Date: Mon, 11 Apr 2005 06:56:13 +0000 



hahahahahaha 

m$ doing social engineering on fd, this is a joke. 

basically they want your 0days so billg becomes more rich. 



Mr. Guninski, although I am a huge fan of your work, I could not disagree more. 
I am sending this email from Redmond where I was invited by Microsoft to a 
small conference about security (it was mostly about what they go through when 
stuff is reported). "M$", as you call it, is not trying to get your 0days. They 
simply want to protect customers, and, although a large part about it is 
profits, the concern is mostly (as far as I know) about the users. Microsoft's 
biggest fear is wide-spread virus epidemics, so when a critical vulnerability 
is fully disclosed without prior notice to MSRC, Microsoft goes into an 
emergency state and everyone gets off of vacation early to come in and help 
resolve the issue (as was the case with my auto-sp2rc release in December, also 
called "Paul's Christmas" by MSRC employees). Microsoft knows that security 
researchers hang out on lists like fd a bugtraq, so what better place to 
eliminate the common improper disclosing ignorance than to provide cl
 ear, concise instructions directly on the security hotspots?

Regards,
Paul
Greyhats Security
http://greyhatsecurity.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] RE: [NT] Microsoft Multiple E-Mail Client Address Spoofing Vulnerability, Randall M
Next by Date:  Re: [Full-disclosure] How to Report a Security Vulnerability to Microsoft, Dan Becker
Previous by Thread:  Re: [Full-disclosure] How to Report a Security Vulnerability to Microsoft, Steve Friedl
Next by Thread:  Re: [Full-disclosure] How to Report a Security Vulnerability to Microsoft, Dan Becker
Indexes:  [Date] [Thread] [Top] [All Lists]