Full Disclosure mailing list archives

Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution

From: gabriel rosenkoetter <gr () eclipsed net>
Date: Wed, 18 Feb 2004 08:29:49 -0500

On Tue, Feb 17, 2004 at 09:45:35PM -0800, morning_wood wrote:

http://news.com.com/2100-7355_3-5160566.html?part=rss&tag=feed&subj=news
http://www.snpx.com/cgi-bin/news5.cgi?target=www.newsnow.co.uk/cgi/NGoto/50814457?-2622


  'Microsoft fixed the issue in later versions of Internet Explorer
  without telling consumers, a practice known in security circles as
  the "silent fix." Patching is always good, but the company should
  make sure that it informs the end users, said Chris Wysopal, vice
  president for research and development at digital security firm
  @Stake.'

Oh, give me a break. Some developer went, "Oh, hey, I'm not bounds
checking there. Okay, fix that," and the changes filtered out into
the release of IE. You don't release "security patches" except in
response to publication of a serious vulnerability, and especially
in response to a problem that's systemic. This is *a* buffer
overflow. Do we expect even Sun or Apple to tell us about every
buffer overflow they fix? Hell, do we expect Linux or NetBSD to do
so? C'mon, people. If you're going to be quoted for publication, try
to make statements reasonable to the actual importance of the issues
at hand.

-- 
gabriel rosenkoetter
gr () eclipsed net

Attachment: _bin
Description:

Current thread:

GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution gta (Feb 15)
- Microsoft source code "leak" Exibar (Feb 15)
  - Re: Microsoft source code "leak" Joshua Levitsky (Feb 15)
- Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution KF (Feb 15)
  - Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution morning_wood (Feb 15)
    - Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution KF (Feb 15)
    - Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution morning_wood (Feb 15)
    - Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Byron Copeland (Feb 15)
    - RE: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Aditya, ALD [Aditya Lalit Deshmukh] (Feb 16)
    - Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution morning_wood (Feb 17)
    - Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution gabriel rosenkoetter (Feb 18)
    - Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Dave Sherohman (Feb 18)
    - RE: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Steve Wray (Feb 18)
    - Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Tim (Feb 18)
    - Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution gabriel rosenkoetter (Feb 18)
    - Re: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Tim (Feb 18)
    - Re: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution insecure (Feb 18)
    - RE: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Bill Royds (Feb 18)
    - Re: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Phil Brutsche (Feb 18)
    - RE: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Paul Schmehl (Feb 18)
    - Re: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution morning_wood (Feb 18)

(Thread continues...)