Vulnerability Development mailing list archives
Re: [ALERT] Remote File Execution By Web or Mail: Internet Explorer
From: "Robert Collins" <robert.collins () itdomain com au>
Date: Fri, 23 Nov 2001 12:49:59 +1100
----- Original Message -----
From: "Mariusz Mazur" <mariusz () isn pl>
Ok... So we know that there is a bug... It's a critical one, ppl can "turn it off" by editing something in the registry and Microsoft is working hard to fix it. Oh... and we know that for the next 60 days some people can cause some damage to me and I have no way to protect myself.
Welcome to the world of partial disclosure.
Is this just me or maybe more people think that releasing this "advisory" (though this should be called "intimidator") was completely irresponsible and plain stupid?
Actually, I think that non-full disclosure is irresponsible and plain stupid. Of all the points on *both sides* of the argument, the one that I think is most important, is that without full disclosure or an equivalent audit process, there is no pressure other than market share and perception for software vendors to provide enough data for me to protect myself *OR* to validate that the software vendor is doing their job and protecting me.
And this is a near perfect example of this: Enough data for me to protect myself - the registry file to import - will likely provide enough detail for a cracker to create an exploit.
-Rob