Bugtraq mailing list archives
RE: Six Step IE Remote Compromise Cache Attack
From: psz () maths usyd edu au (Paul Szabo)
Date: Thu, 6 Nov 2003 10:04:23 +1100 (EST)
Thor Larholm <thor () pivx com> wrote:
Is our goal to find new vulnerabilities and attack vectors to help secure users and critical infrastructures, or is our goal to ease exploitation of existing vulnerabilities?
The former is part of our goal, the latter is certainly not. We actively look for vulnerabilities: to help users and vendors, and simply because it is fun. We then try to advise users with workarounds, and try to get vendors to develop fixes. Sadly, to convince vendors that there is a problem worth fixing, sometimes we are forced to produce proof-of-concept exploits.
There are no new vulnerabilities ... in this attack ...
This demo may have been necessary to convince MS to fix those old vulnerabilities. [In another message you wrote:
... and Microsoft are patching those vulnerabilities.
Any concrete evidence to that?]
Believe me, I am all in for full disclosure ...
We are judged by our actions. The vocal ones usually have something to hide. Cheers, Paul Szabo - psz () maths usyd edu au http://www.maths.usyd.edu.au:8000/u/psz/ School of Mathematics and Statistics University of Sydney 2006 Australia
Current thread:
- RE: Six Step IE Remote Compromise Cache Attack, (continued)
- RE: Six Step IE Remote Compromise Cache Attack Thor Larholm (Nov 05)
- RE: Six Step IE Remote Compromise Cache Attack Steve Hillier (Nov 05)
- RE: Six Step IE Remote Compromise Cache Attack Benjamin Franz (Nov 05)
- RE: Six Step IE Remote Compromise Cache Attack white colin john (Nov 05)
- RE: Six Step IE Remote Compromise Cache Attack Tyler Larson (Nov 06)
- Re: Six Step IE Remote Compromise Cache Attack Florian Weimer (Nov 07)
- Re: Six Step IE Remote Compromise Cache Attack Florian Weimer (Nov 05)
- Re: Six Step IE Remote Compromise Cache Attack Seth Arnold (Nov 05)
- Re: Six Step IE Remote Compromise Cache Attack Jelmer (Nov 06)
- RE: Six Step IE Remote Compromise Cache Attack Thor Larholm (Nov 05)
- RE: Six Step IE Remote Compromise Cache Attack Thor Larholm (Nov 05)
- RE: Six Step IE Remote Compromise Cache Attack Paul Szabo (Nov 05)
- RE: Six Step IE Remote Compromise Cache Attack Drew Copley (Nov 06)
- Re: Six Step IE Remote Compromise Cache Attack http-equiv () excite com (Nov 06)
- Re: RE: Six Step IE Remote Compromise Cache Attack Steven M. Christey (Nov 06)
- Re: RE: Six Step IE Remote Compromise Cache Attack Paul Schmehl (Nov 06)
- RE: Six Step IE Remote Compromise Cache Attack Steven M. Christey (Nov 07)
- Re: Six Step IE Remote Compromise Cache Attack Goetz Babin-Ebell (Nov 10)
- Re: Six Step IE Remote Compromise Cache Attack Byron Sonne (Nov 10)
- RE: Six Step IE Remote Compromise Cache Attack Alun Jones (Nov 11)
- Re: Six Step IE Remote Compromise Cache Attack Goetz Babin-Ebell (Nov 10)
- Re: Six Step IE Remote Compromise Cache Attack Steven M. Christey (Nov 10)
- RE: Six Step IE Remote Compromise Cache Attack Michael Wojcik (Nov 11)