Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability

From: Ricardo Moura (ricardo_at_microhardbr.com.br)
Date: 12/12/03

    To: full-disclosure@lists.netsys.com
    Date: Fri, 12 Dec 2003 08:36:12 -0200
    
    

    On Wed, 10 Dec 2003 14:05:47 +0059
    Jedi/Sector One <j@pureftpd.org> wrote:

    > On Wed, Dec 10, 2003 at 09:23:40AM +0100, Feher Tamas wrote:
    > > Unless the bug has already been exploited by malicious people, it was
    > > a highly irresponsible act to disclose it to the public, without giving
    > > Microsoft a reasonable timeframe to produce a fix.
    >
    > People know that new critical flaws are discovered in Internet Explorer
    > every week, but keep using this product.
    >
    > Who is to blame here?
    >
    > > It may even qualify as a crime!
    >
    > In this case, Microsoft is the actual criminal.
    >
    > To bring back the traditional car-vs-software parallel... Imagine that
    > Ford is selling cars that are known to have serious defects. Every week a new
    > serial defect is found (and even not by the manufacturer but by an
    > individual). And because of these defects, thousands of people are already
    > dead. Now, the defect-of-the-week is that when you say "booh!" to a Ford car,
    > it explodes 10 minutes later.
    >
    > Now when a car explodes because of that flaw, who is to blame?
    >
    > - People who keep buying those cars while knowing they are playing the Russian
    > roulette? Obviously.
    >
    > - Ford that still keeps selling these cars (fixing some reported flaws,
    > ignoring some others, not really carefully testing anything themselves
    > before products hit the market) ? Obviously.
    >
    > - A kiddy who notices the "booh!" bug by mistake and tells his friends (so
    > that the problem is known to the public instead of being silent, waiting for
    > a vendor fix and imagining that because the fix is there, everyone in the
    > planet will immediately apply it)? Obviously not.
    >
    > Past the marketing "Microsoft now focuses on security" craptalk, the
    > current situation regarding Internet Explorer is still the same for years.
    > Use it without Qwik-fix, an antivirus, a firewall and strong reflexion
    > before clicking anywhere and you are still vulnerable to trivial flaws. So
    > instead of blaming whoever found the IE bugs of the week, just switch to
    > other browsers.

    well said :-]

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

