lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Thu Apr 27 08:45:38 2006
From: drfrancky at securax.org (Javor Ninov)
Subject: MSIE (mshtml.dll) OBJECT tag vulnerability

This is Full-Disclosure if you didn't notice. I personally don't care
about the vendors. I disclosure. going to check the stores can get me
nothing but jail time. but if it's not prohibited by law hell i will
disclosure such list.

Javor Ninov aka DrFrancky
http://securitydot.net/

Tim Bilbro wrote:
> You do a disservice to all IT shops by announcing these vulnerabilities
> before contacting the vendor. I am sure it would not generate as much
> web traffic to your site, but it is only fair and right to allow at
> least some amount of time for the vendor to respond. If you think you
> are helping, you are wrong. Would you go around town checking which
> stores are unlocked at night and then publish the list in the news
> before letting the shop owners know? That's pretty much what you are
> doing. It's just not helping. There is no proof that it is either.
> 
> *Tim Bilbro*
> Information Security Specialist
> CISSP, MCSE
> /trbilbro@...izon.net/
> /web: //_www.bloglines.com/blog/Bilbro_/
> <file://www.bloglines.com/blog/Bilbro>//
> /RSS: //_www.bloglines.com/blog/Bilbro/rss_/
> <file://www.bloglines.com/blog/Bilbro/rss>//
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060427/07d60b79/signature.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ