RE: [Full-Disclosure] [Bug Proofing Microsoft.com with Internet Explorer ** Part

From: Andrew Aris (andrew_at_dev.bigfishinternet.co.uk)
Date: 03/17/04

  • Next message: Dave Horsfall: "Re: [Full-Disclosure] Re: Microsoft Security, baby steps ?"
    To: <full-disclosure@lists.netsys.com>
    Date: Wed, 17 Mar 2004 10:20:26 -0000
    
    

    This is mainly the case because web design people dont really think about
    security, because thats not their job. WEb designers are essentially graphic
    designers who work in a specialised field. Their primary concerns are
    appearence, usability, and site promotion.

    > -----Original Message-----
    > From: full-disclosure-admin@lists.netsys.com
    > [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of
    > Random Letters
    > Sent: 17 March 2004 09:28
    > To: full-disclosure@lists.netsys.com
    > Subject: RE: [Full-Disclosure] [Bug Proofing Microsoft.com
    > with Internet Explorer ** Part
    >
    > <opinion>
    >
    > I think this demonstrates that the web design people haven't
    > a clue about security. They're opening up their webserver to
    > all sorts of potential expliots. If he can get some simple
    > javascript to run then maybe other people can also do more
    > sophisticated stuff.
    >
    > Also, if they're that lax about security on their own
    > machines, even their externally facing machines, then what
    > does that say about the products they sell? They're supposed
    > to be in the software business and stress in their marketing
    > campaigns that their top concern is now security.
    >
    > Is is hypocrisy or is it incompetence?
    >
    > </opinion>
    >
    > _________________________________________________________________
    > Use MSN Messenger to send music and pics to your friends
    > http://www.msn.co.uk/messenger
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Dave Horsfall: "Re: [Full-Disclosure] Re: Microsoft Security, baby steps ?"

    Relevant Pages

    • Re: Can someone please help with this ActiveX??
      ... This message is actually a sign of bad web design. ... to provide some pure html content for the case that ActiveX is disabled. ... Plaxoft Security Zone Manager ... I checked my security options and ...
      (microsoft.public.windows.inetexplorer.ie6.browser)
    • Re: SoBig.F author identified
      ... virus / worm / backdoors.. ... that part of the security is down to the ... digiServ Network - Web solutions ... Programming, Web design, development & hosting. ...
      (microsoft.public.security.virus)
    • RE: [Full-Disclosure] [Bug Proofing Microsoft.com with Internet Explorer ** Part
      ... They're opening up their webserver to all sorts of potential ... expliots. ... Also, if they're that lax about security on their own machines, even their ... externally facing machines, then what does that say about the products they ...
      (Full-Disclosure)