Comments on: How to report a security hole to Microsoft http://www.squarefree.com/2004/03/10/how-to-report-a-security-hole-to-microsoft/ Jesse Ruderman on Firefox, security, and more Tue, 06 Jan 2009 13:19:32 +0000 http://wordpress.org/?v=2.5 By: Jan! http://www.squarefree.com/2004/03/10/how-to-report-a-security-hole-to-microsoft/#comment-405 Jan! Tue, 30 Nov 1999 00:00:00 +0000 http://www.squarefree.com/test/wp15/wordpress/?p=116#comment-405 So the bug is in both Opera and IE, but not in Gecko-based browsers? Is it a serious one, as in: could it be exploited to make Bad Things happen? (PS: Please fix your tabindex order so I can tab from this textarea to the submit button) (Also, when previewing this comment, I got the followin error at the bottom of the page, under "Previous Comments": "MT::App::Comments=HASH(0x81051bc) Use of uninitialized value in sprintf at lib/MT/Template/Context.pm line 1187.") So the bug is in both Opera and IE, but not in Gecko-based browsers? Is it a serious one, as in: could it be exploited to make Bad Things happen?

(PS: Please fix your tabindex order so I can tab from this textarea to the submit button)

(Also, when previewing this comment, I got the followin error at the bottom of the page, under “Previous Comments”: “MT::App::Comments=HASH(0×81051bc) Use of uninitialized value in sprintf at lib/MT/Template/Context.pm line 1187.”)

]]> By: Paul Paradise http://www.squarefree.com/2004/03/10/how-to-report-a-security-hole-to-microsoft/#comment-406 Paul Paradise Tue, 30 Nov 1999 00:00:00 +0000 http://www.squarefree.com/test/wp15/wordpress/?p=116#comment-406 If you actually have a problem getting ahold of Microsoft for something important, don't forget your friendly alumni. Given I work there, I can probably forward something along and get it noticed way more easily. -Paul If you actually have a problem getting ahold of Microsoft for something important, don’t forget your friendly alumni. Given I work there, I can probably forward something along and get it noticed way more easily.

-Paul

]]> By: hao2lian http://www.squarefree.com/2004/03/10/how-to-report-a-security-hole-to-microsoft/#comment-407 hao2lian Tue, 30 Nov 1999 00:00:00 +0000 http://www.squarefree.com/test/wp15/wordpress/?p=116#comment-407 Skywriting above the Redmond company usually works. Skywriting above the Redmond company usually works.

]]> By: Jesse Ruderman http://www.squarefree.com/2004/03/10/how-to-report-a-security-hole-to-microsoft/#comment-408 Jesse Ruderman Tue, 30 Nov 1999 00:00:00 +0000 http://www.squarefree.com/test/wp15/wordpress/?p=116#comment-408 I reported the hole using Microsoft's wish form and did not get a response. I also reported it by e-mailing Paul and did not get a response. I finally got a response from Microsoft after reporting the hole using Microsoft Premier Support. I was not satisfied with the response, but at least I know that someone at Microsoft read it. Today I found <a href="http://channel9.msdn.com/ShowPost.aspx?PostID=11308,">http://channel9.msdn.com/ShowPost.aspx?PostID=11308,</a> which says that the correct way to report a security hole is to e-mail secure@microsoft.com. I'll try that next time I find a hole in IE. I reported the hole using Microsoft’s wish form and did not get a response. I also reported it by e-mailing Paul and did not get a response. I finally got a response from Microsoft after reporting the hole using Microsoft Premier Support. I was not satisfied with the response, but at least I know that someone at Microsoft read it.

Today I found http://channel9.msdn.com/ShowPost.aspx?PostID=11308, which says that the correct way to report a security hole is to e-mail secure@microsoft.com. I’ll try that next time I find a hole in IE.

]]>