RE: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution

["Shawn K. Hall \(RA/Security\)" <Security () ReliableAnswers com>]

Hi Gabriel,

> > Software bugs can cause death, and have before,
> > both on the small scale, and the large scale.
>
> This is outrageous FUD. Web browsers are not used in
> medical appliances.

'Life-and-death' isn't just about medical appliances. The power outage
last year in the north-east USA which struck eight states and part of
canada over the course of several days was exarcebated by a software
bug:
  http://www.cnn.com/2004/US/Northeast/02/13/blackout.ap/
  NEW YORK (AP) -- A programming error has been identified
  as the cause of alarm failures that might have contributed
  to the scope of last summer's Northeast blackout, industry
  officials said Thursday.


I have no doubt that the traffic lights alone going out would have
caused at least one person to die - and I personally saw two (rather
bad) car accidents only a block away from my house minutes after the
power went out. I doubt those were the only ones.

It *does* happen. It *can* cause loss of life. Not having power during
the summer heat is definitely capable of loss of life, especially for
the very young and elderly, who rely on air conditioning and other
'home' power devices to survive their environments.

Granted, this thread was initially about an IE exploit, and I highly
doubt IE was in any way involved in this, but my point (and the one
you responded to) was that software errors don't cause loss of life.
They can, do, and they are rarely held accountable.

Regards,

Shawn K. Hall
http://ReliableAnswers.com/

'// ========================================================
    "Try not. Do. Or do not. There is no try."
       -- Yoda


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html