Full Disclosure mailing list archives
Re: MSIE (mshtml.dll) OBJECT tag vulnerability
From: poo <skodliv () gmail com>
Date: Thu, 27 Apr 2006 16:17:21 +0200
The funny part about this whole situation is that the people that bashed on MZ never contributed a pea to what he has to this list.
yeah you people should stop whining and start disclosing On 4/27/06, str0ke <str0ke () milw0rm com> wrote:
This isn't the whitehat lovers group, anything and everything goes for Full Disclosure."Just who does he think he is? [...] Zalewski may think he's some sort of hero disclosing this information, but his is the actof a vandal. No a vandal wouldn't disclose the information, a vandal on the other hand would sell the information / code to spyware companies. Hmm, think about it. The funny part about this whole situation is that the people that bashed on MZ never contributed a pea to what he has to this list. /str0ke On 4/27/06, Pedro Hugo <fractalg () highspeedweb net> wrote:"Just who does he think he is? [...] Zalewski may think he's somesortof hero disclosing this information, but his is the act of a vandal. Ifit turns out that the bug is exploitable and abused before it'spatched,then perhaps he'll be proud to be remembered for that."He is what he wants to be... Afaik, there are no laws about disclosure. Everyone does what he thinks it's best, even if it's best only forhimself(like Adam Smith "said", everyone acts on their own interest). The bug requires user interaction. If most users are too stupid to click anything, the problem will not be solved with patching. And, even with patches, can you estimate what percentage of systemswhichare patched right away ? Yeah, most aren't! No sysadmin likes to be catched by surprise with security problems. But, life isn't always perfect ! _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- smile tomorrow will be worse
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re[2]: MSIE (mshtml.dll) OBJECT tag vulnerability, (continued)
- Re[2]: MSIE (mshtml.dll) OBJECT tag vulnerability Thierry Zoller (Apr 26)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Morning Wood (Apr 26)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Randal T. Rioux (Apr 26)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Javor Ninov (Apr 27)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability bruen (Apr 26)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability Michal Zalewski (Apr 26)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability Michal Zalewski (Apr 26)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability Michal Zalewski (Apr 27)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability Pedro Hugo (Apr 27)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability str0ke (Apr 27)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability poo (Apr 27)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability Pedro Hugo (Apr 27)
- Re[2]: MSIE (mshtml.dll) OBJECT tag vulnerability Thierry Zoller (Apr 27)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability Tim Bilbro (Apr 27)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability Michal Zalewski (Apr 27)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Brian Eaton (Apr 27)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Michal Zalewski (Apr 27)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Peter Besenbruch (Apr 28)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability Chris Eagle (Apr 28)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Sol Invictus (Apr 28)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Aaron Gray (Apr 28)
- Re: MSIE (mshtml.dll) OBJECT tag vulnerability Valdis . Kletnieks (Apr 28)
- RE: MSIE (mshtml.dll) OBJECT tag vulnerability Michal Zalewski (Apr 27)