| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20101207090230.GA2058@sivokote.iziade.m$> Date: Tue, 7 Dec 2010 11:02:30 +0200 From: Georgi Guninski <guninski@...inski.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: verizon vs m$ do i get it right?: 1. the verizon paper is entirely correct 2. some interpret it as a feature and some as a bug? On Sun, Dec 05, 2010 at 11:25:36PM +0200, Georgi Guninski wrote: > in a world like this, verizon kills exploder bugs: > > http://www.theregister.co.uk/2010/12/03/protected_mode_bypass/ > http://www.verizonbusiness.com/resources/whitepapers/wp_escapingmicrosoftprotectedmodeinternetexplorer_en_xg.pdf > > the language doesn't seem passionate: > ----- > Finally, Microsoft and other software vendors should clearly document which features do and do not > have associated security claims. Clearly stating which features make security claims, and which do not, > will allow informed decisions to be made on IT security issues. > ----- > > lol > > -- > joro > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists