lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.58.0604270012350.28722@dione>
Date: Wed Apr 26 23:21:06 2006
From: lcamtuf at dione.ids.pl (Michal Zalewski)
Subject: MSIE (mshtml.dll) OBJECT tag vulnerability

On Wed, 26 Apr 2006 bruen@...drain.net wrote:

> There aren't people out there looking to exploit the flaws in your car in
> order to drive it where they want it to go. It's a lousy analogy.

Larry,

Microsoft Internet Explorer is not a car. Were it a car, it still wouldn't
be yours more than it would be mine. "Disclosing a problem to the public"
is not "driving it off".

Depending on whether I compare finding vulnerabilities to nursing an
orphaned baby squirrel, or running over the elderly, I can appeal to
different emotions of the public. But that does not mean anything, and you
know this.

So, do tell, why are informed, computer-savvy people so desperate to make
inadequate, half-baked analogies to real life to "prove" their opinions?

/mz

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ