lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Microsoft Faces Angry IE Users' Questions

"Jordan Cole (stilist)" <stilist@...il.com> wrote:

> Hm... the fact that the average user probably doesn't even realise
> there are browsers out there besides IE means nothing, I suppose. And
> I saw from reading it (this morning) that there are two basic replies
> to any question:
> 
> a) we're considering it, but can't say for sure - after all, it might
> break something on some obscure site

That is no longer a valid, or even "acceptable in Microsoft's screwed 
up internal-cultural view of things" "excuse.  Once upon a time it was, 
but well over two years ago now Billy Boy went public and told the 
world that security is now more important than features.  Of course, 
the skeptical part of the world did not believe that Billy really mean 
it and the skeptical part of the world has been proven right for more 
than two years as almost no-one at Microsoft has actually acted in line 
with that edict, but according to Bill's public prognostications a 
softie cannot validly say any more "it might break something on some 
obscure site" as a reason (or worse, an excuse) for not fixing some 
glaring security flaw...

> b) people use it, it's gotta be good! (reminiscent of the "new
> hampshire - 40,000 squirrels can't be wrong!" t-shirt old navy or
> whoever made)

8-)

Same argument applies...  Billy said that security has to take priority 
over functionality.  So what if 40,000 morons decided to use something 
tha MS previously hyped as "the next big thing" -- if its not good 
security practice the softies are supposed to replace it with something 
that is.

...

Of course, until the first version of IE that cannot support ActiveX 
ships as a critical update on WU, the skeptics know what Bill was full 
of back on that fateful day more than two years ago...


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ