From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of
Sent: Thursday, November 18, 2004 8:47 AM
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] IE is just as safe as FireFox
-----BEGIN PGP SIGNED MESSAGE-----
Why is it that Microsoft's code has less quality even
though all code
that's written is instantly audited? (Each line of code is checked
before it's 'passed' in to the code tree.)
Design, design and design. Also, design.
Writing programs isn't a simple matter of writing code
and auditing it for buffer overflows. What about the lousy
MIME-type handling in IE, detecting intelligently (but after
declaring it harmless in the "security check") that a program
disguised as an audio file could actually be an executable,
and happily running it?
It is bad design. The same as ActiveX. Why are many IE
security problems avoided by disabling "Active Scripting"?
There seems to be an obsession with "code" these days.
And people affected by such disease forget that the code
should come after a good design, and a bad design can only be
fixed scaping it and starting over.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.