Date: Fri Jan 13 20:49:07 2006
From: nfobro at gmail.com (eric williams)
Subject: Steve Gibson smokes crack?

On 1/13/06, Todd Towles <toddtowles@...okshires.com> wrote:
>
> Stan wrote:
> > Ordinarily I'd argue, but it's hard to when we find out
> > Microsoft knew about the bug for a long time and made a
> > conscious decision not to patch it even though they knew it
> > could lead to a system compromise.
>
> Also, Microsoft must have made the conscious decision to have it not work
> by default on any pre-Windows 2000 machine? What kind of old secret
> government backdoor is that...when it doesn't even work.

I think I follow you here, I don't think I agree with the conscious
decision part tho'.  I think the design of the WMF supported the record
types that any vendor could have access to via the GDI, what was at
play, afaict, is that you either had to have a renderer that was
flawed and could be leveraged from M$ or a third-party vendor.  I
think the 'flaw' was there by default, but possibly no means to
leverage it without a properly crapped up 'viewer'.  M$, of course
fixed that problem later by providing a default backd^H^H^H^H^H
viewer.   :)

-e

>
> -Todd
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
