| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <BEEEBC54-3970-11D9-9248-000D935143FC@sarenet.es> From: borjam at sarenet.es (Borja Marcos) Subject: IE is just as safe as FireFox -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Why is it that Microsoft's code has less quality even though all code > that's > written is instantly audited? (Each line of code is checked before it's > 'passed' in to the code tree.) Design, design and design. Also, design. Writing programs isn't a simple matter of writing code and auditing it for buffer overflows. What about the lousy MIME-type handling in IE, detecting intelligently (but after declaring it harmless in the "security check") that a program disguised as an audio file could actually be an executable, and happily running it? It is bad design. The same as ActiveX. Why are many IE security problems avoided by disabling "Active Scripting"? There seems to be an obsession with "code" these days. And people affected by such disease forget that the code should come after a good design, and a bad design can only be fixed scaping it and starting over. Borja. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iD8DBQFBnLX5ULpVo4XWgJ8RAlTJAJ92yXv8C5ArhrGzsHCNXBQHyECqhQCcDoL9 LGLighoTQw5rSwV2/mMp72k= =TDnR -----END PGP SIGNATURE-----
Powered by blists - more mailing lists