Dailydave mailing list archives
RE: Microsoft letdown day
From: "Maynor, David (ISS Atlanta)" <dmaynor () iss net>
Date: Wed, 12 Jan 2005 11:07:04 -0500
You know you get more press if you claim something is remote. It's a disturbing trend and no end is in site. -----Original Message----- From: dailydave-bounces () lists immunitysec com [mailto:dailydave-bounces () lists immunitysec com] On Behalf Of Dave Aitel Sent: Wednesday, January 12, 2005 11:01 AM To: dailydave Subject: [Dailydave] Microsoft letdown day I'm both happy and sad when there are no good Microsoft bugs. On one hand it's good that none of your bugs got blown (phew!), and on the other hand you don't have anything fun to do that day."Remote" bugs in IE just don't have that spark since five of them come out a week. One thing I've noticed is that it's now endemic that everyone agrees with DJB that client-side bugs like the ANI overflow are "remote bugs". This is crazy! I wonder if it's skewing any new "research" on "windows of vulnerability" or "The security of Linux versus Microsoft Windows". There are three simple classifications: Local Remote Client-Side An IE bug is not a remote bug. It's a client-side bug. I like how they claim there's "remote code execution." Is it making a DCOM call to a remote machine? :> If the industry can't even get this sort of thing right, how do we expect it to do something hard, like protect my Sidekick from getting owned? -dave _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Microsoft letdown day Dave Aitel (Jan 12)
- Re: Microsoft letdown day Florian Weimer (Jan 12)
- Re: Microsoft letdown day Jeremy Kelley (Jan 12)
- <Possible follow-ups>
- RE: Microsoft letdown day Maynor, David (ISS Atlanta) (Jan 12)
- RE: Microsoft letdown day Aleksander P. Czarnowski (Jan 12)
- Re: Microsoft letdown day Florian Weimer (Jan 12)
- RE: Microsoft letdown day Altheide, Cory B. (IARC) (Jan 12)