Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: IE is just as safe as FireFox
From: "joe" <mvp () joeware net>
Date: Wed, 17 Nov 2004 14:23:32 -0500

I recently spoke with some MS Security Execs and I know they wouldn't argue
with this point. They know they have to improve and are working hard to do
so. It would have been nice had they started this work 10 years or more ago
but thankfully they have started now. 

Someone asked me to describe what I saw and heard about when I went out to
Redmond to check things out recently and all I could really say is they are
ramping up fast in the backend but it takes a while to spin things around
when you have so many people using your product in so many ways. They truly
have a ton of cool stuff they are working on and I personally had no
understanding of how much was going on behind the doors and was quite
surprised to see what I saw and how honest they are being about things
internally. They aren't just standing there telling each other they are the
greatest and all of this will just go away on its own. I realize from the
outside it can look that way, I certainly had my own thoughts that way at
times. It was good to see and hear that the IE team is pretty raw about the
edges over the issues that have occurred over the last few years (as well
they should be) and internally MS sees this and knows it and is working to

One thing that was asked for is that they move faster and release tools in
an initially unsupported way to get the feedback sooner so the end results
can be better. Right now they have a tendency to hold things close to chest
for a long time testing and worrying and wanting to try and catch all
possible issues so that they don't release something and get beaten up by a
bunch of boneheads looking to hear their own name on lists and news
broadcasts. This means a lot of stuff that they possibly have answers to
don't see the light of day until a considerable time after the initial punch
in the gut. I personally would be fully happy if tools were put out that
were described as unsupported at the moment but we are working on finalizing
it and releasing it in a supported manner. Then if a problem is found,
feedback is given to MS properly and not a FD post of "oh my god MS sucks
because they are so stupid and I figured it out because I am so L33T, etc
etc ad nauseum" which this list in particular is SOOO good at. Some of the
people around here shouldn't be able to breath they thump their own chest so
hard and so much. Many of the others have no clue what they are talking
about and simply reiterate anything they thought they heard that might be
bad that they heard from someone much brighter than them. 


Let me choose if I even want a browser loaded thanks!


-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Todd Towles
Sent: Tuesday, November 16, 2004 9:19 AM
To: joe; full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] IE is just as safe as FireFox

Microsoft made a bold step by changing security in SP2. It was going to
break stuff...and it was stupid to see people yell about that. They told us
it would, we knew it would. I am glad to see they are starting to take steps
toward a better systems, but Microsoft has room for improvement to say the

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]