[Full-disclosure] Microsoft takes 7 years to 'solve' a problem?!

["Memisyazici, Aras" <arasm@xxxxxx>]

<RANT>

<snip:: taken from MSRC Blog: 
http://blogs.technet.com/msrc/archive/2008/11/11/ms08-068-and-smbrelay.aspx>

What we released today with MS08-068 is that security update. It addresses the 
SMBRelay issue (discovered in 2001) does so in a way that doesn?t have the 
negative impact on applications that we originally believed addressing this 
issue would have.

</snip>

So... Hmm... I wonder what would happen if the rest of the world followed suit 
with M$' approach, and took 7 years to "fix" an issue in order to "not cause a 
significant impact"...

Scenario:

Ppl: Hey Ford, if one brute-forces the keyless entry on the door, you're car 
explodes...

Ford: well... I'll offer you three choices, two immediately, and the last one 7 
yrs later. You can either not use the keyless entry system (we'll give you some 
shiny duck-tape to cover it) or you can use the biometric-knub system which 
requires that you have a knub... So those who have arms & legs can't use the 
system... (btw this will give birth to a whole new industry that will allow ppl 
to pay money for a product that fakes a knub for people with appendages) But 
it's biometric & cool this way! Or you can wait for 7 years and we'll release a 
non-exploding version of the keyless-entry system.

***************************************

OK... Maybe I'm going a bit extreme, but WTH?! Am I the only one who is 
interpreting this, this way? Really? When has releasing a solution to a problem 
7 years later ever been acceptable?

Jus' sayin' ...

</RANT>

Aras 'Russ' Memisyazici
Systems Administrator
Virginia Tech
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/