lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: michael at elsdoerfer.net (Michael Elsdörfer)
Subject: AW: IE Changes / Software Patents

> Does anyone care to wager how many security vulnerabilities Microsoft will
> create by making this change?

None. There are still the security settings, which are currently used.

> -----Urspr?ngliche Nachricht-----
> Von: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-
> admin@...ts.netsys.com] Im Auftrag von Joel R. Helgeson
> Gesendet: Mittwoch, 8. Oktober 2003 13:52
> An: full-disclosure@...ts.netsys.com
> Betreff: Re: [Full-Disclosure] IE Changes / Software Patents
> 
> Does anyone care to wager how many security vulnerabilities Microsoft will
> create by making this change?
> 
> Joel R. Helgeson
> Director of Networking & Security Services
> SymetriQ Corporation
> 
> "Give a man fire, and he'll be warm for a day; set a man on fire, and
> he'll
> be warm for the rest of his life."
> ----- Original Message -----
> From: "Rainer Gerhards" <rgerhards@...adiscon.com>
> To: <full-disclosure@...ts.netsys.com>
> Sent: Tuesday, October 07, 2003 2:36 PM
> Subject: [Full-Disclosure] IE Changes / Software Patents
> 
> 
> > I just found a very interesting effect of software patents:
> >
> > http://www.microsoft.com/presspass/press/2003/oct03/10-06EOLASPR.asp
> >
> > As was posted on this list not so far ago, Microsoft lost a case against
> > Eolas on some aspects of ActiveX embedding in IE. Their technical
> > reaction is a good sample of what software patents cause:
> >
> > http://msdn.microsoft.com/ieupdate/activexchanges.asp
> >
> > In short
> >
> > - a lot of web pages are broken (even PDF should not work in all cases)
> > - the user will become educated to press OK on popups even more often
> > - wild workarounds are created (base64 encode the parameter instead
> > passing it clear-text) to avoid patented code
> >
> > That last point is not written directly in the msdn document, but I read
> > between the lines this will be the preferred workaround.
> >
> > Isn't that nicely?
> >
> > Rainer
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ