[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [Full-Disclosure] IE Changes / Software Patents

To: <full-disclosure@lists.netsys.com>
Subject: AW: [Full-Disclosure] IE Changes / Software Patents
From: Michael Elsdörfer <michael@elsdoerfer.net>
Date: Thu, 9 Oct 2003 15:23:13 +0200

> Does anyone care to wager how many security vulnerabilities Microsoft will
> create by making this change?

None. There are still the security settings, which are currently used.

> -----Ursprüngliche Nachricht-----
> Von: full-disclosure-admin@lists.netsys.com [mailto:full-disclosure-
> admin@lists.netsys.com] Im Auftrag von Joel R. Helgeson
> Gesendet: Mittwoch, 8. Oktober 2003 13:52
> An: full-disclosure@lists.netsys.com
> Betreff: Re: [Full-Disclosure] IE Changes / Software Patents
> 
> Does anyone care to wager how many security vulnerabilities Microsoft will
> create by making this change?
> 
> Joel R. Helgeson
> Director of Networking & Security Services
> SymetriQ Corporation
> 
> "Give a man fire, and he'll be warm for a day; set a man on fire, and
> he'll
> be warm for the rest of his life."
> ----- Original Message -----
> From: "Rainer Gerhards" <rgerhards@hq.adiscon.com>
> To: <full-disclosure@lists.netsys.com>
> Sent: Tuesday, October 07, 2003 2:36 PM
> Subject: [Full-Disclosure] IE Changes / Software Patents
> 
> 
> > I just found a very interesting effect of software patents:
> >
> > http://www.microsoft.com/presspass/press/2003/oct03/10-06EOLASPR.asp
> >
> > As was posted on this list not so far ago, Microsoft lost a case against
> > Eolas on some aspects of ActiveX embedding in IE. Their technical
> > reaction is a good sample of what software patents cause:
> >
> > http://msdn.microsoft.com/ieupdate/activexchanges.asp
> >
> > In short
> >
> > - a lot of web pages are broken (even PDF should not work in all cases)
> > - the user will become educated to press OK on popups even more often
> > - wild workarounds are created (base64 encode the parameter instead
> > passing it clear-text) to avoid patented code
> >
> > That last point is not written directly in the msdn document, but I read
> > between the lines this will be the preferred workaround.
> >
> > Isn't that nicely?
> >
> > Rainer
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] IE Changes / Software Patents
  - From: "Joel R. Helgeson" <joel@helgeson.com>

Prev by Date: [Full-Disclosure] MS RPC remote exploit.
Next by Date: Re:[Full-Disclosure] The msvidctl.dll in Windows XP
Previous by thread: Re: [Full-Disclosure] IE Changes / Software Patents
Next by thread: [Full-Disclosure] ltrace bug
Index(es):
- Date
- Thread