Dailydave mailing list archives
Microsoft letdown day
From: Dave Aitel <dave () immunitysec com>
Date: Wed, 12 Jan 2005 11:00:31 -0500
I'm both happy and sad when there are no good Microsoft bugs. On one hand it's good that none of your bugs got blown (phew!), and on the other hand you don't have anything fun to do that day. "Remote" bugs in IE just don't have that spark since five of them come out a week.
One thing I've noticed is that it's now endemic that everyone agrees with DJB that client-side bugs like the ANI overflow are "remote bugs". This is crazy! I wonder if it's skewing any new "research" on "windows of vulnerability" or "The security of Linux versus Microsoft Windows". There are three simple classifications:
- Local
- Remote
- Client-Side

An IE bug is not a remote bug. It's a client-side bug. I like how they claim there's "remote code execution." Is it making a DCOM call to a remote machine? :>
If the industry can't even get this sort of thing right, how do we expect it to do something hard, like protect my Sidekick from getting owned?
-dave