Full Disclosure mailing list archives
Re: MSIE (mshtml.dll) OBJECT tag vulnerability
From: bruen () coldrain net
Date: Wed, 26 Apr 2006 16:25:05 -0400 (EDT)
Hi Tim,Perhaps instead of viewing this as breaking into locked doors and look at it as consumer product information, such as problems with my automobile, it would not appear as such a big deal. I like product recalls and keeping vendors honest. Product safety has improved significantly over the past 20 years because of the openness of the flaws. I am sure that software has and will continue to benefit from full disclosure of their flaws.
cheers, bob On Wed, 26 Apr 2006, Tim Bilbro wrote:
You do a disservice to all IT shops by announcing these vulnerabilities before contacting the vendor. I am sure it would not generate as much web traffic to your site, but it is only fair and right to allow at least some amount of time for the vendor to respond. If you think you are helping, you are wrong. Would you go around town checking which stores are unlocked at night and then publish the list in the news before letting the shop owners know? That's pretty much what you are doing. It's just not helping. There is no proof that it is either. Tim Bilbro Information Security Specialist CISSP, MCSE trbilbro () verizon net web: www.bloglines.com/blog/Bilbro RSS: www.bloglines.com/blog/Bilbro/rss
-- Bob Bruen Cold Rain Technologies http://coldrain.net +1.802.579.6288 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability, (continued)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability ipatches (Apr 24)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Sol Invictus (Apr 24)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Dave "No, not that one" Korn (Apr 25)
- Re: Re: MSIE (mshtml.dll) OBJECT tag vulnerability Valdis . Kletnieks (Apr 25)
- Re: Re: MSIE (mshtml.dll) OBJECT tag vulnerability Raoul Nakhmanson-Kulish (Apr 25)
- Re: Re: MSIE (mshtml.dll) OBJECT tag vulnerability Valdis . Kletnieks (Apr 25)
- Re: Re: MSIE (mshtml.dll) OBJECT tag vulnerability Raoul Nakhmanson-Kulish (en) (Apr 25)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Sol Invictus (Apr 24)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability ipatches (Apr 24)
- Re: Re: MSIE (mshtml.dll) OBJECT tag vulnerability Javor Ninov (Apr 26)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability bruen (Apr 26)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Michal Zalewski (Apr 26)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Michal Zalewski (Apr 26)
- Re[2]: MSIE (mshtml.dll) OBJECT tag vulnerability Thierry Zoller (Apr 26)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Morning Wood (Apr 26)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Randal T. Rioux (Apr 26)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Javor Ninov (Apr 27)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability Michal Zalewski (Apr 26)