06/27/2002 Entry: "Message Queuing Protocol flawed says Allchin: Disclosure May Endanger U.S."

Bruce over at the Crypto-Gram Newsletter points out an appalling security slip-up from Microsoft's Jim Allchin:

During his second day on the stand, Allchin conceded that Microsoft has already identified at least one protocol and two APIs that it plans to withhold from public disclosure under the security carve-out.

The protocol, which is part of Message Queuing, contains a coding mistake that would threaten the security of enterprise systems using it if it were disclosed, Allchin said.

Bruce comments:
So, until such time as they can field a backwards-compatible fix, they're going to hope no one else discovers it. (This is not a wholly unreasonable decision; security researchers have made the same decision in the past.) Of course, Allchin has undermined this decision by publicly naming the protocol.
