Re: [Full-Disclosure] Interesting side effect of the new IE patch

[Daniele Muscetta <daniele@muscetta.com>]

NO FLAME pls. !
The following part of the mail was:

> (Oh yeah and this is not a Microsoft only problem, or why do f.e.
> openssh/openssl allow RSA keys without passphrases?)

Indeed.
But it is the continuos struggle between security and usability....


---


With this I mean I do realize it is not just a Micrsoft problem, it is 
present everywhere.
It is because you try to give functionality, and each feature brings risks.
You have to find a balance among the two.

And how do you find a balance ?
You try. You go a bit one way a bit another, till you find the in-between.

I did not mean to bash.
Just considerations. 

Sp4 was not new nor elite, i know, i apologize.

Nite. Peace.

Daniele




InCisT wrote:

> Daniele Muscetta wrote:
> [SNIP]
>
> > They are just RUSHING to close as may bugs as possible.... and as always
> > happens when fixing things afterwards intead of designing them in 
> > from the
> > beginning, things either break, or settings that get closed have to be
> > re-opened again.
> > Another issue I personally encountered some days ago was an application
> > which all of a sudden stopped working after having applied SP4 (on a
> > windows 2000 server), because of the NEW user rights they introduced:
> > http://support.microsoft.com/default.aspx?kbid=821546
>
> [SNIP]
>
> Last I heard sp4 was NOT new. And this is typical of all software 
> companies not just MS. If something needs to be fixed ASAP and you 
> cant figure it out, disable it and work on it (email merge in Open 
> Office, some ACPI functions on 2.4.23, ect.) Its not just MS and im 
> not a MS lover by any means, but try and be reasonable and fair 
> instead of just company bashing.
>
> InCisT

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html