Dailydave mailing list archives

Re: Microsoft letdown day


From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 12 Jan 2005 17:31:09 +0100

* Dave Aitel:

> An IE bug is not a remote bug. It's a client-side bug.

It's all about terminology.  "remote attack (active)" and "remote
attack (passive)" are reasonable distinctions, IMHO.  "active" refers
to the side of the attacker and means that the attacker can fulfill
the attack requirements without cooperation from the victim.

These categories have the advantage that they also apply to systems
which don't follow the client/server model.  Hardly anybody cares
about proper description of attack requirements in these systems, so
it's not a problem right now.  But if we restrict our terminology to
client/server systems, we will never get accurate descriptions.  This
is really, really unfortunate because most systems are only
client/server at a very low abstraction level.  DNS, Internet mail,
Usenet, you name it.  (BGP is very obviously *NOT* client/server, even
at the lowest protocol levels, though.)
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave

