This story is too weird for words. Microsoft adds PGP signatures at the bottom of its security bulletins, for verification. But if you try to verify the signatures, they fail. Already there has been at least one forged security bulletin, urging people to install a "patch" with a Trojan Horse. Microsoft's reaction to this all simply makes no sense; it's like there's no one thinking there, <http://www.newsbytes.com/news/01/168397.html>.