lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <BFEKIJJHMLFBOPEEFPJHMEOGGNAA.Security@ReliableAnswers.com>
From: Security at ReliableAnswers.com (Shawn K. Hall (RA/Security))
Subject: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution

Hi Gabriel,

> > Software bugs can cause death, and have before,
> > both on the small scale, and the large scale.
>
> This is outrageous FUD. Web browsers are not used in
> medical appliances.

'Life-and-death' isn't just about medical appliances. The power outage
last year in the north-east USA which struck eight states and part of
canada over the course of several days was exarcebated by a software
bug:
  http://www.cnn.com/2004/US/Northeast/02/13/blackout.ap/
  NEW YORK (AP) -- A programming error has been identified
  as the cause of alarm failures that might have contributed
  to the scope of last summer's Northeast blackout, industry
  officials said Thursday.


I have no doubt that the traffic lights alone going out would have
caused at least one person to die - and I personally saw two (rather
bad) car accidents only a block away from my house minutes after the
power went out. I doubt those were the only ones.

It *does* happen. It *can* cause loss of life. Not having power during
the summer heat is definitely capable of loss of life, especially for
the very young and elderly, who rely on air conditioning and other
'home' power devices to survive their environments.

Granted, this thread was initially about an IE exploit, and I highly
doubt IE was in any way involved in this, but my point (and the one
you responded to) was that software errors don't cause loss of life.
They can, do, and they are rarely held accountable.

Regards,

Shawn K. Hall
http://ReliableAnswers.com/

'// ========================================================
    "Try not. Do. Or do not. There is no try."
       -- Yoda



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ