
Re: [Full-Disclosure] Comments on 5 IE vulnerabilities

Executive summary follows; post distilled down to its essence:

On Mon, Dec 01, 2003 at 03:37:04PM -0800, Thor Larholm wrote:
> From: "Thor Larholm" <thor@pivx.com>
> To: <full-disclosure@lists.netsys.com>
> Subject: [Full-Disclosure] Comments on 5 IE vulnerabilities
> Date: Mon, 1 Dec 2003 15:37:04 -0800

/* snip */

> Much ado has been made about those vulnerabilities and they have
> been covered in numerous places such as Forbes, NY Times and
> CNN. What this tells me is that we need a radically different
> approach than the status quo. 

/* snip */

> As a final comment, I do believe that vulnerability researchers
> should notify vendors of potential vulnerabilities and give them
> some time to fix these before exposing the public to the dangers of
> those vulnerabilities. Posting demonstratory proof-of-concept code
> has served to apply pressure in the past towards unresponsive
> vendors, but not giving the vendors any chance to respond at all in
> the first place is simply irresponsible and jeopardizes the security
> of the Internet as a whole.


READ:

"Too much damn publicity is *still* being given to Micro$oft's ongoing
inability to patch its crappy web browser. You all know damn well that
Micro$oft doesn't give a rip about vulnerabilities so long as there's
no bad publicity and no negative effect on its bottom line.

If all you people would just shut up and let this sort of stuff fade
into the background, PivX's patron-benefactor, Micro$oft, would be
able to perpetuate the status quo indefinitely, continue to amass
billions of dollars of undeserved cash reserves, and further
consolidate its beyond-dominating monopoly."

- John
-- 
"Most people don't type their own logfiles;  but, what do I care?"
-
John Sage: InfoSec Groupie
-
ABCD, EFGH, IJKL, EmEnOh, Pplus+, Mminus-
-
ATTENTION: this entire message is privileged communication, intended
for the sole use of its recipients only. If you read it even though
you know you aren't supposed to, you're a poopy-head.