From: rahnemann at affinity-mortgage.com (Robert Ahnemann)
Subject: Internet Explorer URL parsing vulnerability - fix available

That's the beauty of the net...you don't have to if you don't want to.


<snip>
At least Microsoft is a trusted source
</snip>

That's one of the more debatable things I've heard all day...

Rob Ahnemann
Intranet Application Developer
1401 S. Lamar St.
Dallas, TX 800.270.8565 x 780
 

> -----Original Message-----
> From: Exibar [mailto:exibar@...lair.com]
> Sent: Tuesday, December 16, 2003 2:47 PM
> To: Gregory A. Gilliss; full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Internet Explorer URL parsing vulnerability - fix available
> 
> Agreed.  I also feel that why should a company pay this 3rd party for a
> patch for a vulnerability that isn't really *huge* like a slammer or
> code-red deal.  I'm sure that Microsoft will patch it, for free.
>    If the source isn't available for the 3rd party's patch, how do we know
> what it's really doing?  How do we know it isn't a security hazard?  At
> least Microsoft is a trusted source, and did I mention free already?
> 
>   If a home user is THAT worried about this vulnerability, they're already
> aware of what it does and therefore should know better.
> 
>   Just wait for Microsoft to release the patch is what I say, FWIW.
> 
> Exibar
> 
> ----- Original Message -----
> From: "Gregory A. Gilliss" <ggilliss@...publishing.com>
> To: <full-disclosure@...ts.netsys.com>
> Sent: Tuesday, December 16, 2003 2:29 PM
> Subject: Re: [Full-Disclosure] Internet Explorer URL parsing vulnerability - fix available
> 
> 
> > Well his post gives me some pause...since this is a "shareware" product
> > (the poster is out to make some $$$ for themselves) I wonder that it doesn't
> > count as a commercial solicitation. Besides that, AFAIK the URL filter
> > is not available in source code format (for peer review). In short, I'd
> > say that this is about as far from "full disclosure" as you can get,
> > albeit that it does appear to address the vulnerability...
> >
> > G
> >
> > On or about 2003.12.16 16:31:54 +0000, Frank Hagenson (fulldisclosure@...enson.com) said:
> >
> > > A fix for this vulnerability is available at my website:
> > > http://www.abracadabrasolutions.com/UrlFilter.htm
> > >
> > > Regards,
> > > Frank Hagenson.
> >
> > --
> > Gregory A. Gilliss, CISSP                              E-mail: greg@...liss.com
> > Computer Security                             WWW: http://www.gilliss.com/greg/
> > PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> >
> 