From: jsage at finchhaven.com (John Sage)
Subject: Comments on 5 IE vulnerabilities

Executive summary follows; the post is distilled down to its essence:

On Mon, Dec 01, 2003 at 03:37:04PM -0800, Thor Larholm wrote:
> From: "Thor Larholm" <thor@...x.com>
> To: <full-disclosure@...ts.netsys.com>
> Subject: [Full-Disclosure] Comments on 5 IE vulnerabilities
> Date: Mon, 1 Dec 2003 15:37:04 -0800

/* snip */

> Much ado has been made about those vulnerabilities and they have
> been covered in numerous places such as Forbes, NY Times and
> CNN. What this tells me is that we need a radically different
> approach than the status quo. 

/* snip */

> As a final comment, I do believe that vulnerability researchers
> should notify vendors of potential vulnerabilities and give them
> some time to fix these before exposing the public to the dangers of
> those vulnerabilities. Posting demonstratory proof-of-concept code
> has served to apply pressure in the past towards unresponsive
> vendors, but not giving the vendors any chance to respond at all in
> the first place is simply irresponsible and jeopardizes the security
> of the Internet as a whole.


READ:

"Too much damn publicity is *still* being given to Micro$oft's ongoing
inability to patch its crappy web browser. You all know damn well that
Micro$oft doesn't give a rip about vulnerabilities so long as there's
no bad publicity and no negative effect on its bottom line.

If all you people would just shut up and let this sort of stuff fade
into the background, PivX's patron-benefactor, Micro$oft, would be
able to perpetuate the status quo indefinitely, continue to amass
billions of dollars of undeserved cash reserves, and further
consolidate its beyond-dominating monopoly."




- John
-- 
"Most people don't type their own logfiles;  but, what do I care?"
-
John Sage: InfoSec Groupie
-
ABCD, EFGH, IJKL, EmEnOh, Pplus+, Mminus-
-
ATTENTION: this entire message is privileged communication, intended
for the sole use of its recipients only. If you read it even though
you know you aren't supposed to, you're a poopy-head.

