On Thu, 26 Feb 2004 21:46:20 "Richard Spiers" <Dksaarth@xxxxxxxxxxx> said: > Just thought I'd highlight some things > > ""We have never had vulnerabilities exploited before the patch was > known," he said. " > > "Mr Aucsmith said he could only think of one instance when a > vulnerability was exploited before a patch was available." > > Which one is it? And at any rate both are ridiculous. I thought about this fact as well, but it's typical semantics playing into PR bull. He said could only think of one instance of an exploit before a patch was available. However, note that he very carefully sidesteps the issue by first saying no exploits have existed since "before the patch was known." Not available. Basically he's saying "OK, well this one time, we announced a forthcoming patch and an exploit was discovered to be in existence before we actually got around to releasing the patch." Ahh, the spin cycle. -chris -- Chris McCulloh Secure Systems Architect Sinetimore, LLC e: cmcculloh@xxxxxxxxxxxxxx t: 212.504.0288 f: 212.656.1469 w: http://www.sinetimore.com a: 40 Broad Street, 4th Floor, New York, NY 10004, USA key: http://www.sinetimore.com/chriskey.pub : [ 9508 07E0 9E6C DD05 4419 40FA 4D96 FD82 24CE 0273 ]
Attachment:
pgp00096.pgp
Description: PGP signature