RE: [Full-Disclosure] Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution
From: Shawn K. Hall (RA/Security) (Security_at_ReliableAnswers.com)
To: <firstname.lastname@example.org> Date: Wed, 18 Feb 2004 17:02:12 -0500
> > Software bugs can cause death, and have before,
> > both on the small scale, and the large scale.
> This is outrageous FUD. Web browsers are not used in
> medical appliances.
'Life-and-death' isn't just about medical appliances. The power outage
last year in the north-east USA which struck eight states and part of
canada over the course of several days was exarcebated by a software
NEW YORK (AP) -- A programming error has been identified
as the cause of alarm failures that might have contributed
to the scope of last summer's Northeast blackout, industry
officials said Thursday.
I have no doubt that the traffic lights alone going out would have
caused at least one person to die - and I personally saw two (rather
bad) car accidents only a block away from my house minutes after the
power went out. I doubt those were the only ones.
It *does* happen. It *can* cause loss of life. Not having power during
the summer heat is definitely capable of loss of life, especially for
the very young and elderly, who rely on air conditioning and other
'home' power devices to survive their environments.
Granted, this thread was initially about an IE exploit, and I highly
doubt IE was in any way involved in this, but my point (and the one
you responded to) was that software errors don't cause loss of life.
They can, do, and they are rarely held accountable.
Shawn K. Hall
"Try not. Do. Or do not. There is no try."
Full-Disclosure - We believe in it.