[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission



Hi Thor,

Microsoft is maintaining a list of binary planting bugs they've fixed here:
http://technet.microsoft.com/en-us/security/advisory/2269637

You will find our name in some of these advisories.

Calling the above effort a "Binary Planting Clean-up Mission" was merely a benign
poetic exercise, and this is *not* an official name of any internal mission at
Microsoft to the best of my knowledge.

You can learn something about our interaction with Microsoft here:
http://blog.acrossecurity.com/2010/08/binary-planting-update-day-7.html

Cheers,
Mitja


> -----Original Message-----
> From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx 
> [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf 
> Of Thor (Hammer of God)
> Sent: Thursday, September 15, 2011 10:59 PM
> To: security@xxxxxxxxxxxxxxxxx; 'ChristianSciberras'
> Cc: full-disclosure@xxxxxxxxxxxxxxxxx; bugtraq@xxxxxxxxxxxxxxxxx
> Subject: Re: [Full-disclosure] Microsoft's Binary Planting 
> Clean-Up Mission
> 
> I'm curious.  Who is your contact at MSFT?  Who is it that 
> has told you they have a "Binary Planting Clean-up Mission" 
> and where do they mention you as having anything to do with it?
> 
> If you are going to claim MSFT's actions as substantive to 
> your agenda, how about provide some details?
> 
> t  
> 
> > -----Original Message-----
> > From: ACROS Security Lists [mailto:lists@xxxxxxxx]
> > Sent: Thursday, September 15, 2011 1:41 PM
> > To: 'Christian Sciberras'
> > Cc: Thor (Hammer of God); full-disclosure@xxxxxxxxxxxxxxxxx;
> > bugtraq@xxxxxxxxxxxxxxxxx
> > Subject: RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up 
> > Mission
> > 
> > Hey Chris,
> > 
> > > I bet Microsoft actually like stating they just fixed yet another 
> > > severe bug.
> > > Zero-day fixing is big business, you know....even if "zero"
> > > is past a few "days".
> > 
> > I don't think Microsoft gains much from being able to say 
> they fixed 
> > yet another bug
> > - maybe if it were a bug they found internally and fixed 
> proactively, 
> > but not like this. And I'm sure they'd rather be doing 
> something else than fixing:
> > fixing a product costs a lot, and it generates no revenue.
> > 
> > Cheers,
> > Mitja
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>