[ale] AT&T Broadband blocking inbound http?

Robert L. Harris Robert.L.Harris at rdlg.net
Thu Aug 9 11:29:09 EDT 2001





OK,  Only 1 thing to say about Microsoft Security...  HOTMAIL.

It's one of their crowning glories.  Big, pretty, THEIRS and INFECTED.
Yes they probably had 500+ servers and it's not easy to patch 500 servers
by hand.  No you don't have to though.  There are products that'll do
whole companies and departments at once, I've seen it done, automated.

They can't even patch their own stuff, and yes, they confirmed it,
not a rumor:

http://dailynews.yahoo.com/h/cn/20010809/tc/microsoft_says_hotmail_hit_by_code_red_1.html





Thus spake Jonathan Rickman (jonathan at xcorps.net):

> On Thu, 9 Aug 2001, Wandered Inn wrote:
> 
> > Companies recall stuff all the time.  That system works.  Part of the
> > problem with software is that there is no responsibility for inaction.
> > No, I don't want to see Apache/Samba or any other individual developers
> > sued, as they would just quit doing it.  What I would like to see is
> > for companies to take responsibility for their poor efforts.  You know
> > as well as I do that when there's a hole in Apache, or most any other
> > free software, the patch is available within hours.  Companies like M$
> > provide patches when they get around to it and only when someone else
> > points it out.  I've never heard of M$ saying: "We found a security
> > problem with Microsoft Virus transport protocol, so you can get your
> > patch here."
> 
> God help me!!! I'm about to defend Microsoft on a Linux mailing list!!!
> 
> Actually, while Microsoft's reputation for "out of the box" security is
> absolutely horrible, their cooperation with the Security Community "after the
> fact" is quite good. They DO release patches within a reasonable timeframe. They
> DO admit their screw-ups (all too often). And they DO cooperate with others when
> developing bug fixes. Scott Culp has put an awful lot of work into improving the
> MS reputation within the Security Community. His efforts are paying dividends.
> The patch for this particular bug was released fairly soon after it was
> discovered. It's not their fault that everyone ignored the warnings. But...and
> this is a big-ass but...they did fail to patch half the servers on the Hotmail
> development network and they have scanned me repeatedly costing me Trillions!!!!
> </tongue in cheek>
> 
> -- 
> Jonathan Rickman
> X Corps Security
> http://www.xcorps.net
> 
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.



:wq!
---------------------------------------------------------------------------
Robert L. Harris                |  Micros~1 :  
Senior System Engineer          |    For when quality, reliability 
  at RnD Consulting             |      and security just aren't
                                \_       that important!
DISCLAIMER:
      These are MY OPINIONS ALONE.  I speak for no-one else.
FYI:
 perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
