Open Source and information security mailing list archives
 
Message-ID: <00c001c3c415$d0ac83b0$1214dd80@corp.emc.com>
From: exibar at thelair.com (Exibar)
Subject: Internet Explorer URL parsing vulnerability - fix available

Agreed.  I also feel that why should a company pay this 3rd party for a
patch for a vulnerability that isn't really *huge* like a slammer or
code-red deal.  I'm sure that Microsoft will patch it, for free.
   If the source isn't available for the 3rd party's patch, how do we know
what it's really doing?  How do we know it isn't a security hazard?  At
least Microsoft is a trusted source, and did I mention free already?

  If a home user is THAT worried about this vulnerability, they're already
aware of what it does and therefore should know better.

  Just wait for Microsoft to release the patch is what I say, FWIW.

Exibar

----- Original Message ----- 
From: "Gregory A. Gilliss" <ggilliss@...publishing.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Tuesday, December 16, 2003 2:29 PM
Subject: Re: [Full-Disclosure] Internet Explorer URL parsing vulnerability - fix available


> Well his post gives me some pause...since this is a "shareware" product
> (the poster is out to make some $$$ for themselves) I wonder that it doesn't
> count as a commercial solicitation. Besides that, AFAIK the URL filter
> is not available in source code format (for peer review). In short, I'd
> say that this is about as far from "full disclosure" as you can get,
> albeit that it does appear to address the vulnerability...
>
> G
>
> On or about 2003.12.16 16:31:54 +0000, Frank Hagenson (fulldisclosure@...enson.com) said:
>
> > A fix for this vulnerability is available at my website:
> > http://www.abracadabrasolutions.com/UrlFilter.htm
> >
> > Regards,
> > Frank Hagenson.
>
> -- 
> Gregory A. Gilliss, CISSP                              E-mail: greg@...liss.com
> Computer Security                             WWW: http://www.gilliss.com/greg/
> PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>

