4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code

[mouse at Rodents.Montreal.QC.CA (der Mouse)]

> At least one aspect of that is a design defect in TCP/IP, allowing
> unprivileged users to create a port to receive inbound connections.

I don't think it's fair to call that any kind of defect in TCP/IP.
There is nothing at all in TCP or IP that says anything whatsoever
about what privilege may or may not be necessary to establish a listen
for incoming connections.  If you must call this a flaw, at least place
the "flaw" where it actually is - in the implementation(s).

I'm also not convinced it's a flaw at all; calling it one sounds to me
like viewing a TCP stack designed for one environment from the point of
view of a drastically different environment.  In the environment most
current TCP stacks were designed for, listening for connections on a
"high" port should not be a restricted operation.  In calling that a
defect, you appear to be looking on it from a point of view which
disagrees with that, which actually means just that you've picked the
wrong TCP stack for your environment, not that there's anything wrong
with the stack for its design environment.

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               mouse at rodents.montreal.qc.ca
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B