Full Disclosure mailing list archives
Re: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution
From: Tim <tim-security () sentinelchicken org>
Date: Wed, 18 Feb 2004 12:04:33 -0800
The first is that this IE bug is life-threatening. It's not.
(look below)
The second is that IE cost the users' money. It didn't.
IE is "part of the OS". Therefore users did pay for it.
It's not my moral responsibility to list every single component that's wrong if I recall the vehicle. Microsoft has, several times now, recalled the vehicle and replaced it for free.
No, not every component. Just the ones that could lead to catastrophic failure. Does the auto industry report every bug that could lead to catastrophic failure without being forced to? No. Should they morally? Yes.
Where's the problem? This is outrageous FUD. Web browsers are not used in medical appliances.
Oh? Have you worked in a hospital? I haven't, but I am willing to bet a lot of medical records and even appliances are run on Windows. Correct me if I am wrong. Regardless, we aren't just talking about the most obvious industries like the medical. What about cars? I believe M$ is trying to put CE or some variant into cars now. What about SCADA systems? Military? If you haven't figured it out yet, in a realtively small number of years, every freaking device you buy that does anything useful will have some kind of OS on it. If our current standard of security isn't raised... well fill in the blank. In any case, the comment I was originally responding to was: "Do we expect even Sun or Apple to tell us about every buffer overflow they fix? Hell, do we expect Linux or NetBSD to do so?" So you are the one who broadened the scope outside of browsers. I am merely responding to your narrow-minded view of what a software developer's responsibility is in situations like this. I am not just attacking M$. Most software sucks. Software developers and their companies need to be held more accountable for their actions. Respond if you wish, but I have made my statements and will no longer comment on this thread. tim _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution, (continued)
- Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution KF (Feb 15)
- Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution morning_wood (Feb 15)
- Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Byron Copeland (Feb 15)
- RE: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Aditya, ALD [Aditya Lalit Deshmukh] (Feb 16)
- Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution morning_wood (Feb 17)
- Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution gabriel rosenkoetter (Feb 18)
- Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Dave Sherohman (Feb 18)
- RE: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Steve Wray (Feb 18)
- Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Tim (Feb 18)
- Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution gabriel rosenkoetter (Feb 18)
- Re: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Tim (Feb 18)
- Re: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution insecure (Feb 18)
- RE: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Bill Royds (Feb 18)
- Re: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Phil Brutsche (Feb 18)
- RE: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Paul Schmehl (Feb 18)
- Re: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution morning_wood (Feb 18)
- Re: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Paul Schmehl (Feb 18)
- RE: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Byron Copeland (Feb 18)
- Re: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution morning_wood (Feb 18)
- RE: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Shawn K. Hall (RA/Security) (Feb 18)
- RE: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution CHS (Feb 18)