Vulnerability Development mailing list archives
Re: [ALERT] Remote File Execution By Web or Mail: Internet Explorer
From: Glenn Valenta <glenn () coloradostudios com>
Date: Fri, 23 Nov 2001 17:21:21 -0700
Bill Weiss wrote:
Mariusz Mazur(mariusz () isn pl)@Thu, Nov 22, 2001 at 08:09:46PM +0100:
Is this just me or maybe more people think that releasing this "advisory" (though this should be called "intimidator") was completely irresponsible and plain stupid?I think the point was to show us that the MS policy is stupid. There's a hole, obviously it can be found, but MS doesn't want us to know about it.
With all the new MS OSs and now the non-disclosure of vulnerabilities, it seems to be a big drain on resources to cover all the potential vulnerabilities with external kluges. When I compare the amount of support time wasted on the security of MS products compared to the Macintosh, Linux and SGI workstation, it makes me consider dumping windows all together. I'm not the only person paying the MS penalty either. Since I either block or defang all potentially executable attachments at our mailserver, all the users have to waste time un-defanging attachments. Allot of web pages don't work right because I block most ports on our firewall. We also have the workstations preference files set up to prohibit activeX and java scripts from running making some websites useless. The main facet of the problem is that there is no way to fully disable IE and outlook from any MS product. These seem to have been the foundation for most all of the trojans and viruses the last few years. Just disabling these products would have kept us safe from viruses for the last two years. I'm not sure how I'm going to handle this passport crap yet except to ban XP from our company. MS has just increased the amount of time (through non-disclosure) we expend to cover our asses. It's time for use to consider how much time we waste covering our backside instead of moving forward. -- Glenn Valenta Engineering @ http://www.coloradostudios.com valenta () home com Personal mail glenn () coloradostudios com Work mail http://www.vambo.org
Current thread:
- [ALERT] Remote File Execution By Web or Mail: Internet Explorer hush . little . baby (Nov 21)
- RE: [ALERT] Remote File Execution By Web or Mail: Internet Explorer Steve (Nov 21)
- Re: [ALERT] Remote File Execution By Web or Mail: Internet Explorer Mariusz Mazur (Nov 22)
- Re: [ALERT] Remote File Execution By Web or Mail: Internet Explorer Robert Collins (Nov 22)
- Re: [ALERT] Remote File Execution By Web or Mail: Internet Explorer Bill Weiss (Nov 22)
- Re: [ALERT] Remote File Execution By Web or Mail: Internet Explorer Glenn Valenta (Nov 23)
- Re: [ALERT] Remote File Execution By Web or Mail: Internet Explorer Bill Weiss (Nov 25)
- Re[2]: [ALERT] Remote File Execution By Web or Mail: Internet Explorer Mariusz Mazur (Nov 23)
- Re: [ALERT] Remote File Execution By Web or Mail: Internet Explorer Markus Kern (Nov 23)
- <Possible follow-ups>
- RE: [ALERT] Remote File Execution By Web or Mail: Internet Explorer Ben Smee (Nov 22)
- Re[2]: [ALERT] Remote File Execution By Web or Mail: Internet Explorer Mariusz Mazur (Nov 23)
- Re: [ALERT] Remote File Execution By Web or Mail: Internet Explorer Thomas Schweikle (Nov 27)
- Re: [ALERT] Remote File Execution By Web or Mail: Internet Explorer terry white (Nov 27)