Full Disclosure mailing list archives
Re: Comments on 5 IE vulnerabilities
From: John Sage <jsage () finchhaven com>
Date: Tue, 2 Dec 2003 10:13:51 -0800
Executive summary follows post distilled down to its essence:

On Mon, Dec 01, 2003 at 03:37:04PM -0800, Thor Larholm wrote:

From: "Thor Larholm" <thor () pivx com>
To: <full-disclosure () lists netsys com>
Subject: [Full-disclosure] Comments on 5 IE vulnerabilities
Date: Mon, 1 Dec 2003 15:37:04 -0800
/* snip */
Much ado has been made about those vulnerabilities and they have been covered in numerous places such as Forbes, NY Times and CNN. What this tells me is that we need a radically different approach than the status quo.
/* snip */
As a final comment, I do believe that vulnerability researchers should notify vendors of potential vulnerabilities and give them some time to fix these before exposing the public to the dangers of those vulnerabilities. Posting demonstratory proof-of-concept code has served to apply pressure in the past towards unresponsive vendors, but not giving the vendors any chance to respond at all in the first place is simply irresponsible and jeopardizes the security of the Internet as a whole.
READ: "Too much damn publicity is *still* being given to Micro$oft's ongoing inability to patch its crappy web browser. You all know damn well that Micro$oft doesn't give a rip about vulnerabilities so long as there's no bad publicity and no negative effect on its bottom line. If all you people would just shut up and let this sort of stuff fade into the background, PivX's patron-benefactor, Micro$oft, would be able to perpetuate the status quo indefinitely, continue to amass billions of dollars of undeserved cash reserves, and further consolidate its beyond-dominating monopoly."

- John
--
"Most people don't type their own logfiles; but, what do I care?"
- John Sage: InfoSec Groupie
- ABCD, EFGH, IJKL, EmEnOh, Pplus+, Mminus-
- ATTENTION: this entire message is privileged communication, intended for the sole use of its recipients only. If you read it even though you know you aren't supposed to, you're a poopy-head.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html