[ale] AT&T Broadband blocking inbound http?

[Jonathan Rickman]

On Thu, 9 Aug 2001, Wandered Inn wrote:

> Companies recall stuff all the time.  That system works.  Part of the
> problem with software is that there is no responsibility for in-action.
> No, I don't want to see Apache/Samba or any other individual developers
> sued, as they would just quick doing it.  What I would like to see is
> for companies to take responsibility for their poor efforts.  You know
> as well as I do that when there's a hole in Apache, or most any other
> free software, the patch is available within hours.  Companies like M$
> provide patches when they get around to it and only when someone else
> points it out.  I've never heard of M$ saying: "We found a security
> problem with Microsoft Virus transport protocol, so you can get your
> patch here."

God help me!!! I'm about to defend Microsoft on a Linux mailing list!!!

Actually, while Microsoft's reputation for "out of the box" security is
absolutely horrible, their cooperation with the Security Community "after the
fact" is quite good. They DO release patches within reasonable timeframe. They
DO admit their screw-ups (all too often). And they DO cooperate with others when
developing bug fixes. Scott Culp has put an awful lot of work into improving the
MS reputation within the Security Community. His efforts are paying dividends.
The patch for this particular bug was released fairly soon after it was
discovered. It's not their fault that everyone ignored the warnings. But...and
this is a big-ass but...they did fail to patch half the servers on the Hotmail
development network and they have scanned me repeatedly costing me Trillions!!!!
</tongue in cheek>

-- 
Jonathan Rickman
X Corps Security
http://www.xcorps.net

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.