Entropic Cogitations

Monday, April 16, 2007

Holier than thou

A month ago, when the Apple Wifi flak again rose to the surface, Stephen Toulouse, in his usual "Holier than Thou" stance, made yet another comment, and I quote:

This is NOT the way a vendor should handle a vuln disclosure.

Stephen has made it a habit of lecturing Apple on its responses to security situations. And yet, when Microsoft does the same or worse, all you hear is the deafening silence.

The animated cursor flaw was reported to Microsoft in October 2004! Cesar Cerrudo, the hacker who found it, got tired of waiting for a fix from Microsoft and published the details during the MoKB (Month of Kernel Bugs) project last November. Until the exploit was released, Microsoft did NOTHING. And to top it off, they REFUSED to credit the researcher because, in Microsoft's eyes, he had crossed the "responsible disclosure/full disclosure" line.

"Microsoft's point is really clear. Once someone puts customers at risk, we can't credit them. We never have and we don't intend to change that policy."

What a crock! And people like Stepto continue to lecture Apple about its response to a third-party Wifi driver attack, which later morphed into an OSX driver vulnerability and has YET to be proven to do anything more than crash the system. So Microsoft has a "policy" of not crediting researchers who put customers at risk, and somehow Apple is evil for not crediting researchers on a disputed claim?

Hypocrisy, thy name is Microsoft.


Friday, March 30, 2007

Animated Cursors Zero Day Vulnerability

CNet News

A new security vulnerability puts Windows users at risk of serious cyberattacks, Microsoft warned late Wednesday.

The vulnerability affects all recent Windows versions, including Vista, which Microsoft has promoted heavily for its security. The operating system software is flawed in the way it handles animated cursors, Microsoft said in a security advisory.

Here's the Microsoft Advisory.

Lest we forget ....

Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine. - Bill Gates

Speaking of which, apparently someone heard Gates' challenge and decided to take him up on it. We will see how far this goes.

Update: As many suspected (based on the timing of this thing) the WOVB was an April fools gag. Hence my cautious line of "We will see how far this goes".
