Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability

from [poo] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability
Date: Thu, 27 Apr 2006 16:17:21 +0200 
The funny part about this whole situation is that the people that
bashed on MZ never contributed a pea to what he has to this list.


yeah you people should stop whining and start disclosing


On 4/27/06, str0ke <str0ke@milw0rm.com> wrote:


This isn't the whitehat lovers group, anything and everything goes for
Full Disclosure.


"Just who does he think he is? [...] Zalewski may think
 he's some sort of hero disclosing this information, but his is the act

of a vandal.

No a vandal wouldn't disclose the information, a vandal on the other
hand would sell the information / code to spyware companies.  Hmm,
think about it.

The funny part about this whole situation is that the people that
bashed on MZ never contributed a pea to what he has to this list.

/str0ke

On 4/27/06, Pedro Hugo <fractalg@highspeedweb.net> wrote:

  "Just who does he think he is? [...] Zalewski may think he's some

sort

of hero disclosing this information, but his is the act of a vandal.
If

  it turns out that the bug is exploitable and abused before it's

patched,

  then perhaps he'll be proud to be remembered for that."


He is what he wants to be... Afaik, there are no laws about disclosure.
Everyone does what he thinks it's best, even if it's best only for

himself

(like Adam Smith "said", everyone acts on their own interest).
The bug requires user interaction. If most users are too stupid to click
anything, the problem will not be solved with patching.
And, even with patches, can you estimate what percentage of systems

which

are patched right away ? Yeah, most aren't!

No sysadmin likes to be catched by surprise with security problems. But,
life isn't always perfect !



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





--
smile tomorrow will be worse

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] CrYpTiC MauleR = n3td3v, n3td3v
Next by Date:  Re[2]: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Thierry Zoller
Previous by Thread:  Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, str0ke
Next by Thread:  Re[2]: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability, Thierry Zoller
Indexes:  [Date] [Thread] [Top] [All Lists]