[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Microsoft Internet Explorer Local File Accesses Vulnerability

To: Peter Dawson <slash.pd@xxxxxxxxx>
Subject: Re: [Full-disclosure] Microsoft Internet Explorer Local File Accesses Vulnerability
From: Michal Zalewski <lcamtuf@xxxxxxxxxxxx>
Date: Tue, 20 Feb 2007 10:00:44 +0100 (CET)

On Mon, 19 Feb 2007, Peter Dawson wrote:

> just asking... Is this std practice by vendor to state.... ??? "[..] we
> ask you respect responsible disclosure guidelines and not report this
> publicly...."

It's a common and pretty shameless practice for Microsoft. They also
openly criticize such researchers in media statements (while mentioning
some overly comforting mitigating factors), and then "penalize" you for
not disclosing to them 3-12 months in advance by not crediting you in
vendor bulletins.

These ungrateful researchers, eh?

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Microsoft Internet Explorer Local File Accesses Vulnerability
  - From: Rajesh Sethumadhavan
- Re: [Full-disclosure] Microsoft Internet Explorer Local File Accesses Vulnerability
  - From: Michal Zalewski
- Re: [Full-disclosure] Microsoft Internet Explorer Local File Accesses Vulnerability
  - From: Peter Dawson

Prev by Date: Re: [Full-disclosure] Drive-by Pharming Threat
Next by Date: Re: [Full-disclosure] new worm traveling the net? (GNU/Linux)
Previous by thread: Re: [Full-disclosure] Microsoft Internet Explorer Local File Accesses Vulnerability
Next by thread: Re: [Full-disclosure] Microsoft Internet Explorer Local File Accesses Vulnerability [7244ks]
Index(es):
- Date
- Thread