| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTikvBtsralEql9ui9e4q9BbIIqLPBHCS0mLaBmAG@mail.gmail.com> Date: Fri, 11 Jun 2010 16:28:25 +0100 From: Benji <me@...ji.com> To: Benjamin Franz <jfranz@...erun.com> Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: Re: Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly because when she gets 0wn3d she can be all like 'ruh roh, well, 0day can happen to anyone' On Fri, Jun 11, 2010 at 4:01 PM, Benjamin Franz <jfranz@...erun.com> wrote: > On 06/11/2010 02:40 AM, Christian Sciberras wrote: >> In my humble opinion, he could have waited a couple more days just in >> case Microsoft decided to do the unprecedented. >> In which case, I progressive change of policies at Microsoft are >> better than a couple of users getting hacked from pron sites... > As I said: Travis indicated in his original post he believes the exploit > *was already being used in the wild*. So NOT releasing it wouldn't > protect users. It would just keep it "secret" from everyone except > Microsoft *and the black hats who were already using it*. While > maintaining a false air of intact security for everyone else. > > That is better, how? > > -- > Benjamin Franz > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists