Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: MSIE (mshtml.dll) OBJECT tag vulnerability
From: bruen () coldrain net
Date: Wed, 26 Apr 2006 16:25:05 -0400 (EDT)

Hi Tim,

Perhaps instead of viewing this as breaking into locked doors and look at it as consumer product information, such as problems with my automobile, it would not appear as such a big deal. I like product recalls and keeping vendors honest. Product safety has improved significantly over the past 20 years because of the openness of the flaws. I am sure that software has and will continue to benefit from full disclosure of their flaws.

                   cheers, bob

On Wed, 26 Apr 2006, Tim Bilbro wrote:

You do a disservice to all IT shops by announcing these vulnerabilities
before contacting the vendor. I am sure it would not generate as much
web traffic to your site, but it is only fair and right to allow at
least some amount of time for the vendor to respond. If you think you
are helping, you are wrong. Would you go around town checking which
stores are unlocked at night and then publish the list in the news
before letting the shop owners know? That's pretty much what you are
doing. It's just not helping. There is no proof that it is either.

Tim Bilbro
Information Security Specialist
trbilbro () verizon net
web: www.bloglines.com/blog/Bilbro
RSS: www.bloglines.com/blog/Bilbro/rss

Bob Bruen
Cold Rain Technologies

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]