| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.64.0604261620020.29433@matrix.coldrain.net>
Date: Wed Apr 26 21:23:06 2006
From: bruen at coldrain.net (bruen@...drain.net)
Subject: MSIE (mshtml.dll) OBJECT tag vulnerability
Hi Tim,
Perhaps instead of viewing this as breaking into locked doors and look
at it as consumer product information, such as problems with my
automobile, it would not appear as such a big deal. I like product recalls
and keeping vendors honest. Product safety has improved significantly over
the past 20 years because of the openness of the flaws. I am sure that
software has and will continue to benefit from full disclosure of their
flaws.
cheers, bob
On Wed, 26 Apr 2006, Tim Bilbro wrote:
> You do a disservice to all IT shops by announcing these vulnerabilities
> before contacting the vendor. I am sure it would not generate as much
> web traffic to your site, but it is only fair and right to allow at
> least some amount of time for the vendor to respond. If you think you
> are helping, you are wrong. Would you go around town checking which
> stores are unlocked at night and then publish the list in the news
> before letting the shop owners know? That's pretty much what you are
> doing. It's just not helping. There is no proof that it is either.
>
> Tim Bilbro
> Information Security Specialist
> CISSP, MCSE
> trbilbro@...izon.net
> web: www.bloglines.com/blog/Bilbro
> RSS: www.bloglines.com/blog/Bilbro/rss
>
>
--
Bob Bruen
Cold Rain Technologies
http://coldrain.net
+1.802.579.6288
Powered by blists - more mailing lists