Dailydave mailing list archives
Re: Microsoft letdown day
From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 12 Jan 2005 17:31:09 +0100
* Dave Aitel:
An IE bug is not a remote bug. It's a client-side bug.
It's all about terminology. "remote attack (active)" and "remote attack (passive)" are reasonable distinctions, IMHO. "active" refers to the side of the attacker and means that the attacker can fulfill the attack requirements without cooperation from the victim. These categories have the advantage that they also apply to systems which don't follow the client/server model. Hardly anybody cares about proper description of attack requirements in these systems, so it's not a problem right now. But if we restrict our terminology to client/server systems, we will never get accurate descriptions. This is really, really unfortunate because most systems are only client/server at a very low abstraction level. DNS, Internet mail, Usenet, you name it. (BGP is very obviously *NOT* client/server, even at the lowest protocol levels, though.) _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Microsoft letdown day Dave Aitel (Jan 12)
- Re: Microsoft letdown day Florian Weimer (Jan 12)
- Re: Microsoft letdown day Jeremy Kelley (Jan 12)
- <Possible follow-ups>
- RE: Microsoft letdown day Maynor, David (ISS Atlanta) (Jan 12)
- RE: Microsoft letdown day Aleksander P. Czarnowski (Jan 12)
- Re: Microsoft letdown day Florian Weimer (Jan 12)
- RE: Microsoft letdown day Altheide, Cory B. (IARC) (Jan 12)