lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 11 Jun 2010 09:59:44 -0500
From: John Jacobs <flamdugen@...mail.com>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: Microsoft Windows Help Centre
	Handles	Malformed Escape Sequences Incorrectly



Consequently, in my humble opinion I think there should be less focus on the emotional interaction between Microsoft and Travis' findings.  Of course it's easy for me to assert this; when I wake up in the morning I don't have the same challenges of wading through a soup of emotional fog and displacing the priority of actual vulnerabilities in favor of emotional interaction with Microsoft.

While it's fun to be a Microsoft apologist, and even more fun to be ruled by emotion, I would be ashamed to have published what Susan did.  Even more shaming is the call to arms which you so eagerly answered only to appear as foolish as Susan herself.

It's hard to tell who the trolls are, perhaps Susan is indeed a troll, and decided to fork the conversation about actual vulnerabilities and security events and derail them by introducing drivel about interacting with Microsoft.

I believe this may be one of the disadvantages of an unmoderated list, perhaps it encourages or enables others to treat it like a social networking site.


Date: Fri, 11 Jun 2010 11:40:55 +0200
From: uuf6429@...il.com
To: jfranz@...erun.com
CC: full-disclosure@...ts.grok.org.uk; bugtraq@...urityfocus.com
Subject: Re: [Full-disclosure] Microsoft Windows Help Centre Handles	Malformed Escape Sequences Incorrectly

In my humble opinion, he could have waited a couple more days just in case Microsoft decided to do the unprecedented.
In which case, I progressive change of policies at Microsoft are better than a couple of users getting hacked from pron sites...


Cheers.
 		 	   		  
Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ