Full Disclosure mailing list archives
RE: MSIE (mshtml.dll) OBJECT tag vulnerability
From: "Chris Eagle" <cseagle () redshift com>
Date: Fri, 28 Apr 2006 10:31:18 -0700
My $0.02, ignore as you see fit. As a consumer, I prefer (arguably have the right) to know at the earliest possible opportunity whether a product I am using is flawed. Whether a medication appears to cause cancer, my car is prone to exploding when rear ended, or a piece of software is found to be exploitable. I don't wish to wait through some potentially lengthy process, legal or otherwise, in which the producer of the product denies or downplays the severity of the flaw before finally addressing the problem and making the flaw public before I hear about it for the first time. To pretend that you are somehow immune to the problem while the vendor fails to disclose it is simply ridiculous. While vendor coordination is certainly nice to have, the ONLY thing I would like to see required in pre-patch disclosures are constructive ways to mitigate the problem, and the impact of those mitigations. For those that would not disclose, what gives you the right to judge whether someone is capable of dealing or not dealing with the newly announced vulnerability, and what makes you think that you are qualified to manage the risk on my networks? If you are an information security professional, then you are paid to deal with "problem", if you are not capable of dealing with it, then you need to rethink your profession. Flame away, Chris _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability, (continued)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability Michal Zalewski (Apr 27)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability Pedro Hugo (Apr 27)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability str0ke (Apr 27)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability poo (Apr 27)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability Pedro Hugo (Apr 27)
- Re[2]: MSIE (mshtml.dll) OBJECT tag vulnerability Thierry Zoller (Apr 27)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability Michal Zalewski (Apr 27)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability Tim Bilbro (Apr 27)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability Michal Zalewski (Apr 27)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Brian Eaton (Apr 27)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Michal Zalewski (Apr 27)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Peter Besenbruch (Apr 28)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability Chris Eagle (Apr 28)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Sol Invictus (Apr 28)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Aaron Gray (Apr 28)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Valdis . Kletnieks (Apr 28)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Aaron Gray (Apr 28)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Aaron Gray (Apr 28)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability Michal Zalewski (Apr 27)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Tim (Apr 27)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Sol Invictus (Apr 28)