Full Disclosure mailing list archives
Re: Comments on 5 IE vulnerabilities
From: Cael Abal <lists () onryou com>
Date: Mon, 01 Dec 2003 21:50:16 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thor Larholm wrote: | When I attended the NTBugtraq Retreat earlier this year, most of the | attendees were surprised to hear that I am using Internet Explorer on | a daily basis, particularly since I should know how vulnerable it can | be at any given time. I surf with JavaScript and ActiveX enabled, see | flash movies and play Java games, but despite this I am not vulnerable | [0] to a single command execution vulnerability or system compromise | through Internet Explorer. | | How, you might ask? Simple, I have locked down the My Computer | security zone on my installations [1]. Hi Thor, Don't you think perhaps that time used to take a bad browser and make it better is really time better spent elsewhere? It's like taking a pie out of the trash and picking off the coffee grounds and ashes instead of just baking another pie. It's probably worthwhile to note for the peanut gallery that you've really only demonstrated a resistance to known exploits which depend on local security zones, and not any number of unknown exploits which (conceivably) do not. Not that you claimed otherwise, of course. Don't get me wrong, I do think your efforts are valuable -- you effectively point out how IE can be hardened. Regardless, I'll personally continue to recommend an alternative browser. Take care, Cael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/y/3nR2vQ2HfQHfsRAie1AKC+FNSZKWD63rdSALhw+MQObM2WMQCguwxf Tv8pQ0tKf8B+M+Nq27ePsjE= =a5Yq -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Comments on 5 IE vulnerabilities Thor Larholm (Dec 01)
- Re: Comments on 5 IE vulnerabilities Frank Knobbe (Dec 01)
- Re: Comments on 5 IE vulnerabilities Bruce Ediger (Dec 01)
- Re: Comments on 5 IE vulnerabilities Cael Abal (Dec 01)
- Re: Comments on 5 IE vulnerabilities Valdis . Kletnieks (Dec 04)
- Re: Comments on 5 IE vulnerabilities Jelmer (Dec 02)
- Re: Comments on 5 IE vulnerabilities Georgi Guninski (Dec 02)
- Re: Comments on 5 IE vulnerabilities John Sage (Dec 02)
- Re: Comments on 5 IE vulnerabilities Frank Knobbe (Dec 01)