  • Buy and Tell

    Now, this is driving me mad. Not only do we have the discussion about Full Disclosure and Responsible Disclosure, but now security companies are starting to buy vulnerabilities to go public with them afterwards. How can you trust a company like this to help you to secure your environment? Are they going to sell in the end what they found during the assessment in your company?

    Read for yourself and comment: http://www.foxnews.com/story/0,2933,210781,00.html

    Roger

  • This is not a security bulletin

    Once again: Websense received reports about a mail claiming to be from us. This mail is a faked Security Bulletin. Even though the patch you download is pretty similar to the one we released, there is a Trojan horse part of the patch as well:

    http://www.websense.com/securitylabs/alerts/alert.php?AlertID=228

    Roger

  • Rumors about a PowerPoint 0day

    Well, there is a lot of chatter going on out there regarding claims of "yet another" PowerPoint 0-day. What really annoys me is that some sources claim that Microsoft is back in the good old days, where we have been accused of not telling the truth. People really following our way closely should have learned that we are running an open and honest communication.

    Now, back to the PowerPoint 0-day. The most important information – it is by far not a 0-day. Our investigations show that a fully patched machine is not affected by this exploit. Therefore it is nothing more than just another criminal attack against the user.

    If you need additional details: http://blogs.technet.com/msrc/archive/2006/08/23/449075.aspx

    Roger

  • MS06-042 re-released

    During my customer visits in the last few days, I have often been asked about MS06-042. I assume that you all saw that we re-released it today after having to pull it yesterday due to some problems with the installation of the new update.

    The re-release is only for IE6 SP1 customers, as the problems with the original patch only concerned this version.

    For more details on why we had to pull it, see http://blogs.technet.com/msrc/archive/2006/08/24/449860.aspx

    Roger

  • IBM to buy ISS

    It is not only Microsoft buying security companies; it seems that others have a need there as well. This acquisition is a pretty interesting one and I am looking forward to seeing what IBM is doing with it:

    http://www.forbes.com/entrepreneurs/feeds/ap/2006/08/23/ap2968281.html

    Roger