From: ricardo at microhardbr.com.br (Ricardo Moura)
Subject: Re: Internet Explorer URL parsing vulnerability
On Wed, 10 Dec 2003 14:05:47 +0059
Jedi/Sector One <j@...eftpd.org> wrote:
> On Wed, Dec 10, 2003 at 09:23:40AM +0100, Feher Tamas wrote:
> > Unless the bug has already been exploited by malicious people, it was
> > a highly irresponsible act to disclose it to the public, without giving
> > Microsoft a reasonable timeframe to produce a fix.
>
> People know that new critical flaws are discovered in Internet Explorer
> every week, but keep using this product.
>
> Who is to blame here?
>
> > It may even qualify as a crime!
>
> In this case, Microsoft is the actual criminal.
>
> To bring back the traditional car-vs-software parallel... Imagine that
> Ford is selling cars that are known to have serious defects. Every week a new
> serial defect is found (and even not by the manufacturer but by an
> individual). And because of these defects, thousands of people are already
> dead. Now, the defect-of-the-week is that when you say "booh!" to a Ford car,
> it explodes 10 minutes later.
>
> Now when a car explodes because of that flaw, who is to blame?
>
> - People who keep buying those cars while knowing they are playing Russian
> roulette? Obviously.
>
> - Ford that still keeps selling these cars (fixing some reported flaws,
> ignoring some others, not really carefully testing anything themselves
> before products hit the market)? Obviously.
>
> - A kiddy who notices the "booh!" bug by mistake and tells his friends (so
> that the problem is known to the public instead of being silent, waiting for
> a vendor fix and imagining that because the fix is there, everyone on the
> planet will immediately apply it)? Obviously not.
>
> Past the marketing "Microsoft now focuses on security" craptalk, the
> current situation regarding Internet Explorer has been the same for years.
> Use it without Qwik-fix, an antivirus, a firewall and strong reflexion
> before clicking anywhere and you are still vulnerable to trivial flaws. So
> instead of blaming whoever found the IE bugs of the week, just switch to
> other browsers.
well said :-]