[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability

To: str0ke <str0ke@xxxxxxxxxxx>
Subject: Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability
From: poo <skodliv@xxxxxxxxx>
Date: Thu, 27 Apr 2006 16:17:21 +0200

>The funny part about this whole situation is that the people that
>bashed on MZ never contributed a pea to what he has to this list.

yeah you people should stop whining and start disclosing


On 4/27/06, str0ke <str0ke@xxxxxxxxxxx> wrote:
>
> This isn't the whitehat lovers group, anything and everything goes for
> Full Disclosure.
>
> > "Just who does he think he is? [...] Zalewski may think
> >  he's some sort of hero disclosing this information, but his is the act
> of a vandal.
>
> No a vandal wouldn't disclose the information, a vandal on the other
> hand would sell the information / code to spyware companies.  Hmm,
> think about it.
>
> The funny part about this whole situation is that the people that
> bashed on MZ never contributed a pea to what he has to this list.
>
> /str0ke
>
> On 4/27/06, Pedro Hugo <fractalg@xxxxxxxxxxxxxxxx> wrote:
> > >   "Just who does he think he is? [...] Zalewski may think he's some
> sort
> > of hero disclosing this information, but his is the act of a vandal.
> > If
> > >   it turns out that the bug is exploitable and abused before it's
> > patched,
> > >   then perhaps he'll be proud to be remembered for that."
> >
> > He is what he wants to be... Afaik, there are no laws about disclosure.
> > Everyone does what he thinks it's best, even if it's best only for
> himself
> > (like Adam Smith "said", everyone acts on their own interest).
> > The bug requires user interaction. If most users are too stupid to click
> > anything, the problem will not be solved with patching.
> > And, even with patches, can you estimate what percentage of systems
> which
> > are patched right away ? Yeah, most aren't!
> >
> > No sysadmin likes to be catched by surprise with security problems. But,
> > life isn't always perfect !
> >
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



--
smile tomorrow will be worse

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- RE: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability
  - From: Michal Zalewski
- RE: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability
  - From: Pedro Hugo
- Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability
  - From: str0ke

Prev by Date: Re: [Full-disclosure] CrYpTiC MauleR = n3td3v
Next by Date: Re[2]: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability
Previous by thread: Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability
Next by thread: Re[2]: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability
Index(es):
- Date
- Thread