Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: MSIE (mshtml.dll) OBJECT tag vulnerability

From: Javor Ninov <drfrancky () securax org>
Date: Thu, 27 Apr 2006 10:45:12 +0300
This is Full-Disclosure if you didn't notice. I personally don't care
about the vendors. I disclosure. going to check the stores can get me
nothing but jail time. but if it's not prohibited by law hell i will
disclosure such list.

Javor Ninov aka DrFrancky
http://securitydot.net/

Tim Bilbro wrote:

You do a disservice to all IT shops by announcing these vulnerabilities
before contacting the vendor. I am sure it would not generate as much
web traffic to your site, but it is only fair and right to allow at
least some amount of time for the vendor to respond. If you think you
are helping, you are wrong. Would you go around town checking which
stores are unlocked at night and then publish the list in the news
before letting the shop owners know? That's pretty much what you are
doing. It's just not helping. There is no proof that it is either.

*Tim Bilbro*
Information Security Specialist
CISSP, MCSE
/trbilbro () verizon net/
/web: //_www.bloglines.com/blog/Bilbro_/
<file://www.bloglines.com/blog/Bilbro>//
/RSS: //_www.bloglines.com/blog/Bilbro/rss_/
<file://www.bloglines.com/blog/Bilbro/rss>//


------------------------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: