Bugtraq mailing list archives
Re: Update: Web browsers - a mini-farce (MSIE gives in)
From: Chris Paget <ivegotta () tombom co uk>
Date: Fri, 29 Oct 2004 11:45:32 +0100
On Wed, 27 Oct 2004 06:32:07 -0700, you wrote: <snip>
I write comms code - client- and server-side middleware. I wouldn't dream of implementing a protocol with code that didn't sanity-check the data it gets off the wire.
What's your point? That you don't believe IE has any sanity checks? More likely, this bug lies IN one of the sanity checks. No system is 100% secure. Fact. Every single software system on the planet, at least anything complex enough to justify the name "system", DOES HAVE security flaws. They may not be easy to find, but they're there. Anyone who believes otherwise either has access to technology FAR in advance of the rest of us here on earth, or is a fool. As proof of this, how about releasing some of *your* code? You believe that it is possible to write code that is completely secure, ie completely free of all security holes, both known and unknown, by strictly adhering to and enforcing every single aspect of the protocol it is designed to handle. I say that's not true - and I challenge you to prove me otherwise. Doesn't have to be a full application; a network protocol handler will be sufficient; doesn't even need to be from a commercial app. Just enough to demonstrate that you *are* telling the truth - either your code will stand up, in which case most developers can learn a few things by using your code as an example, or a flaw will be found to prove the case that 100% security can never be acheived, regardless of how well you believe you have validated your input. How about it? Prove your case? Chris -- Chris Paget ivegotta () tombom co uk
Current thread:
- RE: Update: Web browsers - a mini-farce (MSIE gives in) David Brodbeck (Oct 25)
- Re: Update: Web browsers - a mini-farce (MSIE gives in) Valdis . Kletnieks (Oct 27)
- <Possible follow-ups>
- Re: Update: Web browsers - a mini-farce (MSIE gives in) gabrield89 (Oct 25)
- Re: Update: Web browsers - a mini-farce (MSIE gives in) MCMuir (Oct 28)
- RE: Update: Web browsers - a mini-farce (MSIE gives in) Michael Wojcik (Oct 27)
- Re: Update: Web browsers - a mini-farce (MSIE gives in) Valdis . Kletnieks (Oct 27)
- Re: Update: Web browsers - a mini-farce (MSIE gives in) Chris Paget (Oct 29)
- RE: Update: Web browsers - a mini-farce (MSIE gives in) Michael Wojcik (Oct 27)
- Re: Update: Web browsers - a mini-farce (MSIE gives in) Valdis . Kletnieks (Oct 28)
- RE: Update: Web browsers - a mini-farce (MSIE gives in) David Brodbeck (Oct 28)
- RE: Update: Web browsers - a mini-farce (MSIE gives in) Michael Wojcik (Oct 28)
- RE: Update: Web browsers - a mini-farce (MSIE gives in) Tim Newsham (Oct 29)
- Re: Update: Web browsers - a mini-farce (MSIE gives in) Michael Shigorin (Oct 29)
- RE: Update: Web browsers - a mini-farce (MSIE gives in) David Brodbeck (Oct 29)
- RE: Update: Web browsers - a mini-farce (MSIE gives in) Tim Newsham (Oct 29)
- Re: Update: Web browsers - a mini-farce (MSIE gives in) Valdis . Kletnieks (Oct 29)
- Re: Update: Web browsers - a mini-farce (MSIE gives in) infamous41md (Oct 29)