Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability

from [Michal Zalewski] Network Security [Permanent Link]
Subject: RE: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability
Date: Thu, 27 Apr 2006 08:33:00 +0200 (CEST) 
On Wed, 26 Apr 2006, Larry Seltzer wrote:


It wasn't my analogy. I was criticizing it.


Larry,

Sorry if I criticized you undeservedly, then. That exchange of mails was
unclear at best, however. In this particular branch of this (silly)
thread:

1) Tim Bilbro blasted me for disclosing a problem and compared this to
   checking at night for open store doors.

2) Bob replied and criticized Tim saying that the analogy is flawed, and
   that it can be compared, at best, to informing the public about car
   manufacturing faults and recalls.

3) You replied to Bob's (not Tim's!) mail and said that "it's a lousy
   analogy" and mentioned "exploiting flaws to drive it off" in a way
   that can be, at best, read in a couple of ways.

It was only fair to assume that you meant to blast a (generally favorable)
analogy brought up by Bob. If that wasn't your intention, OK, but it
wasn't nearly as obvious as you'd probably want it to be.


I'll assume you're as proficient in english as in morals


Uh-oh.

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] Internet Explorer User Interface Races, Redeux, Zh Linlin
Next by Date:  [Full-disclosure] [Re:] Interesting but vulnerable scheme for tokenless auth, Chris
Previous by Thread:  RE: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Michal Zalewski
Next by Thread:  RE: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Michal Zalewski
Indexes:  [Date] [Thread] [Top] [All Lists]