:The Register: MS claims copyright on Windows bugs; seeks to block BugTraq
The Register: MS claims copyright on Windows bugs; seeks to block BugTraq Dec 8, 2000, 20 :44 UTC (17 Talkback[s]) (9368 reads) (Other stories by John Leyden) (As seen on NewsForge)
"Microsoft is claiming copyright over its security notices and insisting that mailing lists can no longer publish the Beast of Redmond's dire security warnings."
"The lawyers at Microsoft have objected to the publication of its security notices by SecurityFocus.com, which runs the popular BugTraq security mailing list."
"Elias Levy, of SecurityFocus.com, told readers of the site: "As the copyright holders of the work they have told me in no uncertain terms that I do not have their permission to redistribute a text version of their web page bulletins via the mailing list or the securityfocus.com web site, and that doing so would be considered an act of copyright violation."
ROTF! I knew that sooner or later, MS would get around to claiming proprietary rights on reporting Windows' failures. Of course, all that would accomplish is stopping Bugtraq from posting the flaws verbatim. There would be nothing stopping the people there from paraphrasing the security flaws and using short critical quotations from the actual security release. The main impact would be the extra time needed to type up an original report.
On the other hand, that might be a tremendous drain on company resources, as keeping up with MS' security flaws is a full-time, multi-team, unending job.
It's a joke. Not SecurityFocus' policy, of course. But security in combination with those would-be OS'es from the Criminal Monopolist (tm). They are on par, as long as you understand that between "security" and "windows" a "not is" must be present.
Seriously now. Until November 22, 2000 MS obeyed by the rule that security alerts on Bugtraq were full disclosure. They didn't like it but the consequence was that others would post their findings without any coordination with MS.
From November 30, 2000 MS posted alerts in another form. No description of the bug was enclosed, only a (not so good) link to their website. While most reactions were not posted the general feeling among security specialists was that this kind of posting was not acceptable because of :
- Bugtraq is a full disclosure mailing list and any posting without content is not acceptable by that policy,
- nobody knows how long a posting on a certain website will be available to the general public,
- nobody knows if and when such a posting will be changed without notice,
- MS has a known track of change without prior knowlegde, on security matters and others,
- many links on MS' website has been proven to be unresolvable for many months,
- adding a single point of failure is not in the interest of the security officers.
So Elias Levy tried to solve this problem by copying the contents from the Criminal Monopolist's website to the Bugtraq mailinglist. But the CM was not really pleased and Elias posted this stance to Bugtraq. Starting at December 6, 2000 Elias posted _very_ short messages regarding security problems of the CM software. It is a pity that he did not post an explanation why he started posting these short messages which have a little bit more content than the CM's postings but it is not full disclosure anymore.
For the time being (think of until December 8, 3000) the best you can do is to stick with GNU/Linux and OpenBSD. Especially that combination is very good if you are in charge of security. And just forget that CM platform, you cannot secure it. It's not worth your time and effort. Or do you have the sources, like those crackers ?
Hmmm. If you're running Windows, you should fiddle around and try to find new bugs that haven't been reported yet, and whenever you do find one, rush out and patent it before you report it. Then you can sic your lawyers on MS, telling them that you would have been happy to license your patent out at a mere $1.00 per copy, but since they shipped without getting your permission first, you are going to "have to" charge them $100.00 per copy that they have already shipped, as a lesson to other would-be patent breakers.
mixed feelings You could look at this as a good thing. No longer will I see all the boring MS postings. Since I run Linux, I only worry about it.
Or look at it as the start of the end for MS.
MS is doing so poorly that their now willing to try and limit the amount of information getting out. Now it is much harder for the avarge Linux user to bash MS over it's poor O/S and applications. If you want to bash them, you have to spend the extra time to go to MS's site and read there postings. Also MS can now limit the amount of time the postings are on their site.
Business as usual An honest company, that wants to help customers, would try to do everything possible to ensure that its customers are informed about security problems. An honest company would want to ensure that its customers receive accurate information, and would welcome having its own notifications passed on, rather than having them paraphrased.
But Microsoft's business strategy is based on deception.
Microsoft's real objections to BugTraq are probably 1) the fact that BugTraq keeps count, and 2) by keeping a copy of the original notices, BugTraq makes it impossible for Microsoft to lie about it later.
security through... obscurity. Hey look! Windows has no more bugs! :) And guess what? Every cracker on the planet is using your bank account to launder money!
Personally I hope that bugtrac finds a good way to stick it to MS. Like large postings announcing a major bug, then a simple link to microsofts home page. Let admins dig through the mess, and you should see a nice flock of them come over to Linux in a hurry. Especially as MS squeezes down on the information that gets out.
Could somebody please shoot this company and put it out of it's misery?
Public Right to Know... Wonder if a case could be made that the public's right to know overrides
any copyright protection? MicroSloth has really been resorting to horrible
tactics lately (double billing corporate customers, increased auditing,
supressing the dissemination of security information...). Jeez, seems they
trying to drive their customers away.
Re: mixed feelings > MS is doing so poorly that their now willing to try and limit the amount of information getting out.
Hmmm. Reminds me of the way the Soviet Union used to try to prevent any bad news about Soviet society from reaching the West. Sounds like Microsoft could use a little "glasnost".
Do the people at Microsoft understand that their monopolistic, greedy and plain malignant and evil actions influence a whole world out there ?
Their underprogrammed platform is now in use in hospitals for god sake!!!
Their poor programming and monopolistic behaviour is costing time, effort and money for a whole suffering world out there!
You may think that I am being overly dramatic. I assure you that I am not.
I am a quite a rational being and as such I understand that the computer industry is now a basic platform on which other industries rely (much like oil and other "enabling" technologies and products).
The fact that this plain EVIL company is controlling this is absurd and Bill Gates wont launder all the evil that his company has done using donations for medical research (I think that his wish to be remmembered as a kind human being when he is in the ground and a technological innovator is what is motivating him to do all this...).
I assure you mister Gates - You will not be remmembered as an innovator.
In the annals of technology, in 50 years from now, Windows will not be remmembered as a technological breakthrough (except in bringing the GUI to the general public). When a student, in 50 years, will submit a report about the hindrances to technological innovation to his proffesor, his main points will be about a monopolistic company called Microsoft which, by using a lot of money and monopolistic conduct, has managed to keep a whole world tied to an aging CPU called "8086" and blatently refused to release information about their technology and release the world from its grip. The 90's in that reported will be reffered to as "The lost years" where technology was not moving forward because this same company tried repeatedly to embrace and extend common technologies and instead of releasing information to the world about the basics of the technology they are using they tried to conceal as much as possible and thus attempted to "take over" the computing industry...
The only bright point about this would be the conclusiong of the paper:
The point where the FSF comes in out of the shadows armed with linux, apache, perl, python, open source java, gcc and other tools to release the world from this grip and open up the world and technology and make it clear, to all companies involved (including SUN,HP,IBM and others):
"YOU WILL NOT CONTROL TECHNOLOGY. INSTEAD, WE, THE PROGRAMMERS, WILL, BY MAKING FREE SOFTWARE WHICH IS FAR BETTER THAN ANY THAT YOU CAN PRODUCE, WILL
FORCE YOU TO PLAY NICE. WE WILL FORCE YOU TO DOCUMENT YOUR TECHNOLOGY. WE WILL FORCE YOU TO USE COMMON TECHNOLOGIES WITHOUT INTRODUCING INCOMPATIBILITIES TO
THEM IN ORDER TO TAKE OVER MARKETS. WE WILL FORCE YOU TO DO THIS. WE WILL
FORCE YOU TO DO THIS BECAUSE WE, COLLECTIVLY, HAVE MORE POWER THAN YOU.
MICROSOFT, IBM, HP, SUN etc : KNOW YOUR PLACE! ON THE SIDELINE.
NONE OF YOU WILL HAVE DOMINION.
What I want from Micorosft is one thing: Remorse.
Another thing for people in Microsoft reading this: resign.
I know it is though to leave your job but working in Microsoft these days
is purely immoral. I undestand that you hold positions in Microsoft which come with money, power and nice benefits, but by holding these positions you are participating in immoral and criminal behaviour.
Programmers in Microsoft: leave your jobs. It is not "cool" to work for a monopoly and besides, the cool technology is no longer in Redmond. Leave your jobs, program for companies which behave nicer, and feel better about yourselvs.
I agree with Microsoft completely on this. I don't know how many of you have actually used Microsoft Windows or other Microsoft products. I have. I use their products every day that I am on the job. Their action in this matter makes perfect sense.
If you had actually used Microsoft products, you would understand that their security holes are just one category of the overall Microsoft bug structure.
If you had actually used Microsoft products, you would come to realize that these can't possibly be accidental.
C'mon, now. I've had PowerPoint bugs that corrupt files on a whim in ways that the most incompetent caffeine-addled junior programmer could avoid.
These Microsoft bugs clearly are the result of something other than mere incredible incompetence coupled with arrogance coupled with scorn for the custoerm.
These bugs must represent a creative effort. Whole teams of people who would be horrified at the thought of a debugger. "Debug? Why would anyone want to do that?"
As creative efforts, Microsoft is completely correct in protecting its right to them.
Backdoors And I'm not talking about the spinoff group featuring clones of the late Jim Morrison :).
What I find hard to understand is if Info is begging to be free, where the hell on Earth does Mickey$haft get off in trying to suppress info: info that could be extremely critical to businesses and individuals for their everyday livelihood?
READ: Info/data/etc that NEEDS to be secure from the prying eyes of certain ''groups'' who shall remain nameless. Does anyone in their right mind believe that these backdoors (READ: ''features'' ie; trojans) bulit into the o/s weren't intentionally put there in place by the programmers themselves with B Gate$ blessing or in a clandestine way by programmers w/o anyone elses knowledge? I do not know what, if any peer review goes on Micro$oft but would imagine it's limited to very small teams. And who says than even these teams aren't incahoots with each other?
Micro$oft has crossed the line one more time to point-blank range. To suppress or subvert critical security info through so-called ''copyrighting'' of bugs notices on their own web site takes their irresponsibility, incompetence and arrogance to new heights. The higher you go the faster you fall.
Ever see the video where a town decides to dynamite a beached whale? INCOMING!!!
Fallout from MS cracking? Hmm... I wonder if all this has anything to do with the recent cracking of Microsoft's internal network by some Russians in St. Petersburg. When MS officially admitted that the crack occurred, many people wondered why they were suddenly being so open and honest about it, since MS's usual tactic is to try putting some spin on the bad news.
Could it be that MS knew they had to take the heavy hit in public -- and let's not doubt that it was a very heavy hit to their credibility as enterprise providers -- because the news would soon be all over Bugtraq anyway? I would imagine that they really hated having to be so honest, hence the current clampdown.
