Message-ID: <E8A3392724A75849B7FA030CAF41A748B36C1A@amserv0.affinity-mortgage.com>
From: rahnemann at affinity-mortgage.com (Robert Ahnemann)
Subject: Internet Explorer URL parsing vulnerability - fix available
That's the beauty of the net...you don't have to if you don't want to.
<snip>
At least Microsoft is a trusted source
</snip>
That's one of the more debatable things I've heard all day...
Rob Ahnemann
Intranet Application Developer
1401 S. Lamar St.
Dallas, TX 800.270.8565 x 780
> -----Original Message-----
> From: Exibar [mailto:exibar@...lair.com]
> Sent: Tuesday, December 16, 2003 2:47 PM
> To: Gregory A. Gilliss; full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Internet Explorer URL parsing vulnerability - fix available
>
> Agreed. I also feel that why should a company pay this 3rd party for a
> patch for a vulnerability that isn't really *huge* like a slammer or
> code-red deal. I'm sure that Microsoft will patch it, for free.
> If the source isn't available for the 3rd party's patch, how do we know
> what it's really doing? How do we know it isn't a security hazard? At
> least Microsoft is a trusted source, and did I mention free already?
>
> If a home user is THAT worried about this vulnerability, they're already
> aware of what it does and therefore should know better.
>
> Just wait for Microsoft to release the patch is what I say, FWIW.
>
> Exibar
>
> ----- Original Message -----
> From: "Gregory A. Gilliss" <ggilliss@...publishing.com>
> To: <full-disclosure@...ts.netsys.com>
> Sent: Tuesday, December 16, 2003 2:29 PM
> Subject: Re: [Full-Disclosure] Internet Explorer URL parsing vulnerability - fix available
>
>
> > Well his post gives me some pause...since this is a "shareware" product
> > (the poster is out to make some $$$ for themselves) I wonder that it doesn't
> > count as a commercial solicitation. Besides that, AFAIK the URL filter
> > is not available in source code format (for peer review). In short, I'd
> > say that this is about as far from "full disclosure" as you can get,
> > albeit that it does appear to address the vulnerability...
> >
> > G
> >
> > On or about 2003.12.16 16:31:54 +0000, Frank Hagenson (fulldisclosure@...enson.com) said:
> >
> > > A fix for this vulnerability is available at my website:
> > > http://www.abracadabrasolutions.com/UrlFilter.htm
> > >
> > > Regards,
> > > Frank Hagenson.
> >
> > --
> > Gregory A. Gilliss, CISSP    E-mail: greg@...liss.com
> > Computer Security            WWW: http://www.gilliss.com/greg/
> > PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> >
>