[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] verizon vs m$

To: Georgi Guninski <guninski@xxxxxxxxxxxx>, "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] verizon vs m$
From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
Date: Mon, 6 Dec 2010 01:49:47 +0000

I don't understand how Dan arrived at "Researchers bypass Internet Explorer 
Protected Mode" for the article title.  Protected Mode isn't being bypassed at 
all - the "researchers that figured out a reliable way to bypass the measure" 
apparently just noticed that Protected Mode is disabled by default in the Local 
Intranet Zone.

Is this something you are concerned about?  This would obviously only be 
exploitable by accessing sites on one's own intranet by specifically using 
intranet nomenclature (and trusted sites, but the user has to add those).  
Also, the article (or the researchers) are incorrect about the default settings 
for the Intranet zone - it's Medium-low, not Medium.   If the problem one is 
trying to fix is based on attackers compromising intranet sites and then 
posting code for unpatched vulnerabilities that would still end up only running 
in the user context, then you've got much bigger problems, no?

I'm just wondering why you are brining attention to the article, or really, why 
it was written in the first place.

t

-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx 
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Georgi Guninski
Sent: Sunday, December 05, 2010 1:26 PM
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] verizon vs m$

in a world like this, verizon kills exploder bugs:

http://www.theregister.co.uk/2010/12/03/protected_mode_bypass/
http://www.verizonbusiness.com/resources/whitepapers/wp_escapingmicrosoftprotectedmodeinternetexplorer_en_xg.pdf

the language doesn't seem passionate:
-----
Finally, Microsoft and other software vendors should clearly document which 
features do and do not have associated security claims. Clearly stating which 
features make security claims, and which do not, will allow informed decisions 
to be made on IT security issues. 
-----

lol

--
joro

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] verizon vs m$
  - From: Larry Seltzer
- Re: [Full-disclosure] verizon vs m$
  - From: Georgi Guninski
- Re: [Full-disclosure] verizon vs m$
  - From: Ven Ted

References:
- [Full-disclosure] verizon vs m$
  - From: Georgi Guninski

Prev by Date: [Full-disclosure] verizon vs m$
Next by Date: Re: [Full-disclosure] verizon vs m$
Previous by thread: [Full-disclosure] verizon vs m$
Next by thread: Re: [Full-disclosure] verizon vs m$
Index(es):
- Date
- Thread