Full Disclosure mailing list archives
Re: Re: Internet Explorer URL parsing vulnerability
From: Jedi/Sector One <j () pureftpd org>
Date: Wed, 10 Dec 2003 14:05:47 +0059
On Wed, Dec 10, 2003 at 09:23:40AM +0100, Feher Tamas wrote:
> Unless the bug has already been exploited by malicious people, it was a highly irresponsible act to disclose it to the public, without giving Microsoft a reasonable timeframe to produce a fix.

People know that new critical flaws are discovered in Internet Explorer every week, but keep using this product. Who is to blame here?

> It may even qualify as a crime!

In this case, Microsoft is the actual criminal.

To bring back the traditional car-vs-software parallel...

Imagine that Ford is selling cars that are known to have serious defects. Every week a new serial defect is found (and even not by the manufacturer but by an individual). And because of these defects, thousands of people are already dead.

Now, the defect-of-the-week is that when you say "booh!" to a Ford car, it explodes 10 minutes later.

Now when a car explodes because of that flaw, who is to blame?

- People who keep buying those cars while knowing they are playing Russian roulette? Obviously.
- Ford that still keeps selling these cars (fixing some reported flaws, ignoring some others, not really carefully testing anything themselves before products hit the market)? Obviously.
- A kiddy who notices the "booh!" bug by mistake and tells his friends (so that the problem is known to the public instead of being silent, waiting for a vendor fix and imagining that because the fix is there, everyone on the planet will immediately apply it)? Obviously not.

Past the marketing "Microsoft now focuses on security" craptalk, the current situation regarding Internet Explorer is still the same for years. Use it without Qwik-fix, an antivirus, a firewall and strong reflexion before clicking anywhere and you are still vulnerable to trivial flaws.

So instead of blaming whoever found the IE bugs of the week, just switch to other browsers.

Best regards,

--
 __  /*-      Frank DENIS (Jedi/Sector One) <j at 42-Networks.Com>     -*\  __
 \ '/    <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a>    \' /
  \/  <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a>  \/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html