
One more rant... this one on InfoSec.

Posted: Sun Jul 02, 06 8:31 pm
by kBo
I can't stand all these "security companies" that just throw out another vulnerability scanner that links to Bugtraq, scans named pipes, DCOM, etc. and do pentests and call themselves accomplished firms. In fact, I don't really like the InfoSec community much at all. I saw a very interesting comparison once between the InfoSec community and the mafia. It went something like this:

1.) Mafia tells businessmen that they might be "in danger" (internet threat level).
2.) Mafia sends goons to "take care" of said businessmen (release "proof-of-concept" exploits, thus releasing a shockwave of script-kiddies).
3.) Mafia gets its payment from the sucker businessmen (InfoSec firm gets hired to do pentest/fix holes/sells some bullshit product to companies).

It was longer than that, but you get the idea. I do agree with releasing exploits after a vendor patch has been released, but that isn't how it goes much of the time.

Posted: Sun Jul 02, 06 8:42 pm
by DarkKnight
To understand a bit of the madness behind releasing exploits, you have to understand the Microsoft/community relationship.

People have, in the past, given exploits to software companies without releasing them. This enables the software company to fix the problem, and the person to be happy the bug is finally fixed.

However, Microsoft, the world's biggest/most important software company, does things differently. Even if handed an exploit, which they could patch in a day and have everyone safe, they don't. Instead, only things that are considered a risk (aka, in the public domain) are fixed. The only way to get Microsoft to fix that nasty little bug is to in fact make it a nice big one.

This is in stark contrast to Linux, as you should know. The people find bugs, the bugs are fixed, everyone is happy.

Posted: Sun Jul 02, 06 8:58 pm
by Alistair
I like Microsoft, all their bugs and exploits that damage PCs make me money by fixing them :)

Posted: Sun Jul 02, 06 10:37 pm
by DarkKnight
Konami wrote: I like Microsoft, all their bugs and exploits that damage PCs make me money by fixing them :)


And it makes money for the people you rant about. :wink:

Posted: Thu Jul 06, 06 1:07 am
by ~SanguineRose~
See no evil, there is no evil.