lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.58.0604270824370.28722@dione>
Date: Thu Apr 27 07:33:09 2006
From: lcamtuf at dione.ids.pl (Michal Zalewski)
Subject: MSIE (mshtml.dll) OBJECT tag vulnerability

On Wed, 26 Apr 2006, Larry Seltzer wrote:

> It wasn't my analogy. I was criticizing it.

Larry,

Sorry if I criticized you undeservedly, then. That exchange of mails was
unclear at best, however. In this particular branch of this (silly)
thread:

1) Tim Bilbro blasted me for disclosing a problem and compared this to
   checking at night for open store doors.

2) Bob replied and criticized Tim saying that the analogy is flawed, and
   that it can be compared, at best, to informing the public about car
   manufacturing faults and recalls.

3) You replied to Bob's (not Tim's!) mail and said that "it's a lousy
   analogy" and mentioned "exploiting flaws to drive it off" in a way
   that can be, at best, read in a couple of ways.

It was only fair to assume that you meant to blast a (generally favorable)
analogy brought up by Bob. If that wasn't your intention, OK, but it
wasn't nearly as obvious as you'd probably want it to be.

> I'll assume you're as proficient in english as in morals

Uh-oh.

/mz

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ