Is it sloppy programming, or do full computer security vulnerability disclosure make it too easy for hackers?
Is it sloppy programming, or do full computer security vulnerability disclosure make it too easy for hackers? Microsoft has a personal interest in minimizing the exploit of their code, but the evil you know is better than the evil you don't. Others have weighed in on this debate in the past, or provided a fair but vague blueprint for the computer security community. Do you think that a middle ground exists?
Seeing weird things in your website logs today? This will explain it... Running IIS and haven't patched it in over a month? Go here. 13,000 servers have already been affected.
Countless people have had problems with their Apple Airport wireless base stations failing shortly after the one year warranty ran out. Adventurous folks figured out that there was a faulty capacitor in the power supply, got out their soldering irons, and drilled some ventilation holes. Apple is aware of the issue, and is quietly replacing ABSs that fall within a specific serial number range, but only if they have failed. So other folks have to wait until the damn thing dies before it can be replaced. This corporate behavior isn't just limited to Apple. What other vendors are guilty of lack of disclosure for faulty products, and only change their tune after public outcry?