Re: [Full-Disclosure] Comments on 5 IE vulnerabilities

[Cael Abal <lists@onryou.com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thor Larholm wrote:
| When I attended the NTBugtraq Retreat earlier this year, most of the
| attendees were surprised to hear that I am using Internet Explorer on
| a daily basis, particularly since I should know how vulnerable it can
| be at any given time. I surf with JavaScript and ActiveX enabled, see
| flash movies and play Java games, but despite this I am not vulnerable
| [0] to a single command execution vulnerability or system compromise
| through Internet Explorer.
|
| How, you might ask? Simple, I have locked down the My Computer
| security zone on my installations [1].

Hi Thor,

Don't you think perhaps that time used to take a bad browser and make it
better is really time better spent elsewhere? It's like taking a pie
out of the trash and picking off the coffee grounds and ashes instead of
just baking another pie.

It's probably worthwhile to note for the peanut gallery that you've
really only demonstrated a resistance to known exploits which depend on
local security zones, and not any number of unknown exploits which
(conceivably) do not. Not that you claimed otherwise, of course.

Don't get me wrong, I do think your efforts are valuable -- you
effectively point out how IE can be hardened. Regardless, I'll
personally continue to recommend an alternative browser.

Take care,

Cael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/y/3nR2vQ2HfQHfsRAie1AKC+FNSZKWD63rdSALhw+MQObM2WMQCguwxf
Tv8pQ0tKf8B+M+Nq27ePsjE=
=a5Yq
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html