From: rahnemann at affinity-mortgage.com (Robert Ahnemann)
Subject: Internet Explorer URL parsing vulnerability - fix available

That's the beauty of the net...you don't have to if you don't want to.

<snip>
At least Microsoft is a trusted source
</snip>

That's one of the more debatable things I've heard all day...

Rob Ahnemann
Intranet Application Developer
1401 S. Lamar St.
Dallas, TX
800.270.8565 x 780

> -----Original Message-----
> From: Exibar [mailto:exibar@...lair.com]
> Sent: Tuesday, December 16, 2003 2:47 PM
> To: Gregory A. Gilliss; full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Internet Explorer URL parsing vulnerability - fix available
>
> Agreed. I also feel that why should a company pay this 3rd party for a
> patch for a vulnerability that isn't really *huge* like a slammer or
> code-red deal. I'm sure that Microsoft will patch it, for free.
> If the source isn't available for the 3rd party's patch, how do we know
> what it's really doing? How do we know it isn't a security hazard? At
> least Microsoft is a trusted source, and did I mention free already?
>
> If a home user is THAT worried about this vulnerability, they're already
> aware of what it does and therefore should know better.
>
> Just wait for Microsoft to release the patch is what I say, FWIW.
>
> Exibar
>
> ----- Original Message -----
> From: "Gregory A. Gilliss" <ggilliss@...publishing.com>
> To: <full-disclosure@...ts.netsys.com>
> Sent: Tuesday, December 16, 2003 2:29 PM
> Subject: Re: [Full-Disclosure] Internet Explorer URL parsing vulnerability - fix available
>
> > Well his post gives me some pause...since this is a "shareware" product
> > (the poster is out to make some $$$ for themselves) I wonder that it doesn't
> > count as a commercial solicitation. Besides that, AFAIK the URL filter
> > is not available in source code format (for peer review). In short, I'd
> > say that this is about as far from "full disclosure" as you can get,
> > albeit that it does appear to address the vulnerability...
> >
> > G
> >
> > On or about 2003.12.16 16:31:54 +0000, Frank Hagenson (fulldisclosure@...enson.com) said:
> >
> > > A fix for this vulnerability is available at my website:
> > > http://www.abracadabrasolutions.com/UrlFilter.htm
> > >
> > > Regards,
> > > Frank Hagenson.
> >
> > --
> > Gregory A. Gilliss, CISSP                E-mail: greg@...liss.com
> > Computer Security                        WWW: http://www.gilliss.com/greg/
> > PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html