Stephen Toulouse Quotes (21 Quotes)

It is on the table. Every time any kind of exploitation is going on, it is on the table.

The huge responsibility we have is that we have to answer to our customers, and our customers represent potentially hundreds of millions of different configurations.

We're working day and night on development of a cumulative security update for Internet Explorer that addresses the vulnerability.

Our test and engineering plan for that update that we began two weeks ago is on track to have that update ready for Tuesday.

It only affected Windows 2000. So far it has shown a very limited impact -- we're not seeing any widespread impact to the Internet, but we remain vigilant.

It had a huge benefit to our developers.

There might be privately reported issues that end up being in that update that haven't been disclosed yet. When we put out the bulletin, we talk about the information in the vulnerabilities with a beta, how does that work exactly Do you put out a kind-of-a-bulletin

The key thing is really that we want to make people understand the risk with these flaws and that they enable automatic updates.

We're literally in a meeting going over our plans, keeping track of things, when we got word on Tuesday that CNN was reporting they had been hit. At the time, we knew a high-profile target was reporting they had been hit and they didn't know what it was. Their computers were shutting down and restarting,

There's been some speculation that ... this trigger was somehow intentional. That speculation is wrong.

Here's the reality, for the next couple of years the Mac OS will experience increasing security threats and mark my words, the company will have to seek outside expertise in the form of a head of security communications in the next 12 months.

We are aware that exploit code for the vulnerabilities addressed by Microsoft security bulletin MS05-051 is available through third-party fee-based security offerings. Microsoft is not currently aware of active attacks that use this exploit code or of customer impact at this time,

There's been some speculation that you can only trigger this by using an incorrect size in your metafile record and that this trigger was somehow intentional. That speculation is wrong on both counts. The vulnerability can be triggered with correct or incorrect size values.

We had been looking into detailing the history anyway and some customer questions drove the idea to write it up. We just wanted to make sure people had the history.

Although infection rates are low, it doesn't mean it's not a bad situation, ... We want to make sure, not only are we providing information to make sure customers aren't impacted, but to make sure they know how to get back to an operational state.

We're on all the security mailing lists, just like you are, and we investigate everything, even if it's a post about a simple weird behavior in a product.

Certainly, right now, we and our anti-virus partners are not seeing a widespread impact of this attack.

We can't leave anybody behind. And unfortunately you might be introducing new problems. So whenever we look at even a quick hack ... it's got to be of quality. That's what customers have told us time and again.

We saw the exploit code and our Security Windows Reaction Team tested it against the patch, and we were convinced we would see an attack. It was only a matter of time,

A lot of things have changed since Slammer, ... Customers are more aware of the need to move into a maintenance mindset. Customers using Windows 2003 Server SP1 Service Pack 1 weren't impacted by the vulnerability because of changes we made. This is best example of learning how to make product more resilient to attack and have it be secure by default.

If you aren't using Macromedia Flash Player, or know that you don't need it, you can disable the ActiveX control in Internet Explorer through the