Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > focus-ms > 03 > 081011.html (Request Expert securityfocus.com Support)

RE: MS broadening its efforts to warn customers

From: Henry Sieff <hsieff(at)orthodon.com>
Date: Mon Aug 04 2003 - 18:00:59 EDT


Yup. Got the same email. My chief concerns are: 1) They are using a never-before-used email address 2) As Bill says (well, in kinder terms) they have made use of a Spamhaus to send us this alert.
3) The email message I got was in HTML. Although Microsoft virtually invented html in email, it says something that they don't use it for the official Microsoft Security Bulletin email.

Now, there have already been virii/worms out there which pretend to be from microsoft. Microsoft, knowing this, should think twice before forcing people to liberalize there attitudes towards senders telling them to install patches etc.

At the very least, Microsoft should make use of a signing key so we can at least use something besides "From:" to decide whether email truly came from them or not.

And of course, now people will wait to receive emails from this new source before treating a vulnerability as important.

Henry

> -----Original Message-----
7X> and also subscribe to Microsoft's
security notification service at
http://register.microsoft.com/ subscription/subscribeme.asp?ID=135 <http://email.microsoft.com/m/s.asp?HB9707218726X2612305X228387X> if you have not already. By
subscribing to these two services you will automatically receive information on the latest software updates and the latest security notifications thereby improving the likelihood that your computing environment will be safe from worms and viruses that occur.

We apologize for any inconvenience the implementation of this patch might cause and appreciate you taking the time to update your system.

Thank you,
Microsoft Corporation


Your network firewall and IDS products do not prevent Web application attacks - the most common form of online exploitation- resulting in Web defacement, data theft, sabotage and fraud. KaVaDo is the only company that provides a complete suite of Web application security products.
Download a FREE whitepaper on "Security Policy Automation for Web Applications":http://www.securityfocus.com/Kavado-focus-ms

Your network firewall and IDS products do not prevent Web application attacks - the most common form of online exploitation- resulting in Web defacement, data theft, sabotage and fraud. KaVaDo is the only company that provides a complete suite of Web application security products.
Download a FREE whitepaper on "Security Policy Automation for Web Applications":http://www.securityfocus.com/Kavado-focus-ms
Received on Tue Aug 5 13:05:57 2003
Do you need help?X

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:34 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library