From: staff at k-otik.com (K-OTik Security)
Subject: Microsoft Internet Explorer 6 SP2 Vulnerabilities / FD vs. Security by Obscurity

Let's play. On Wednesday 17 Nov, Secunia released the advisory "Microsoft Internet Explorer Two Vulnerabilities", related to a vulnerability discovered by cyber flash. This file download security warning bypass (unpatched) flaw could be exploited to download a malicious executable file masquerading as an HTML document.

Microsoft said : Secunia you're bad, this vulnerability was not disclosed responsibly
Secunia said NO ! No ! We did not release the technical details of this flaw and our policy is to not reveal vulnerability details until a fix had been provided, unless they were already in the wild. We did not discover this vulnerability, so we can not censure it
Some people said Who is cyberflash ? perhaps Secunia discovered this flaw, but masked it behind a third party researcher
K-OTik Says to Some people : cyber flash is not a fictitious security researcher
K-OTik Says to MS & Secunia : There is no security through obscurity...and full disclosure is our policy

----------------------------------------------------------------
Internet Explorer 6.0 SP2 File Download Security Warning Bypass
----------------------------------------------------------------

Exploit -> http://www.k-otik.com/exploits/20041119.IESP2Unpatched.php
Technical Details -> http://www.k-otik.com/exploits/20041119.IESP2disclosure.php

all credits go to Cyber flash A.K.A Vengy


Regards
K-OTik Security Research & Survey Team 24/7
http://www.k-otik.com

