Full Disclosure mailing list archives
Seriously IE/FAME/BASHING
From: "Eric Lauzon" <eric.lauzon () abovesecurity com>
Date: Fri, 12 Nov 2004 16:47:45 -0500
Security doesn't mean functionality. You have to make a choice, like when you vote in an election.

Now, as with any OS, Windows/IE will be secure if you cut down functionality. If you think everyone's Windows desktop should be secured as, let's say with irony, *BSD or Linux or *nix even (LOL, as if it's been so flawless and so innovative), do you think everyone would be using computers as it is today? So if you're not smart enough to secure yourself to prevent problems, don't assume software vendors will take your hand and remove functionality so you can be secure.

Whining about a simple bug, even though it can have a lot of impact, is not what's going to get you protected. What about those N other bugs in all the other software that exists?

Functionality VS SECURITY (PERIOD)

The industry of security is pushing, software vendors are not following, some people want to have a part in the industry only for the money and the fame, most of them post on ML so they get attention. You see people trying to scare you with funky client-side bugs as if other client software for other purposes were immune ... :) It's all about trust.

I think they should lay back and try some test scenarios before saying it's the ultimate bug, yet I've not seen a variation of the IE exploit being able to exploit IE without scripting enabled. And I'm not talking about cross-zone, where it would go into the intranet zone and then exploit the bug using the IFRAME exploit. Because if you do that but scripting is disabled in the INTRANET zone, you will hit a dead end also.

I'm only writing this because I've seen hype and scared people around the subject, but I've yet to see an analysis of the situation that explains why that bug does not work when the web site IS NOT TRUSTED.

Anyone want to prove the opposite?!

-elz

ps: don't exploit my grammar :)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html