Full Disclosure mailing list archives
Re: Compromising pictures of Microsoft Internet Explorer!
From: Bernhard Mueller <research () sec-consult com>
Date: Sun, 17 Jul 2005 22:09:45 +0200
Mr. Zalewski's statement about the undue burden that Microsoft's investigative processes place on the researcher is indeed accurate. The only time I've had any success working with Microsoft was when the issue was a straightforward code execution scenario. Oh wait... even then, I'm blown off.
the same here... when I mailed them about that COM-vulnerability in IE, they came up with "this is not exploitable, bla.." after two weeks of internal research and all. having a bad morning anyway, I decided to post the advisory and see, one day later there's a MS security advisory that "a COM object may crash internet explorer" (however, they forgot to mention the public bindshell exploit released by the fsirt). now recently MS05-37 came out, which somehow doesn't include any credits or mention of the original advisory whatsoever (the reason for that being, i presume, the lack of responsibility showed by us). I think it's rather strange to hear a billion-dollar software monopolist apply to my conscience like "look what you've done, you put our customers at risk". they wouldn't give a lame cent on the security of their customers if there wasn't a certain media hype about security. they care for their image and stock index, and that's about it. and i don't see why should be held responsible for that ;) regards, sk0L -- _____________________________________________________ ~ DI (FH) Bernhard Mueller ~ IT Security Consultant ~ SEC-Consult Unternehmensberatung GmbH ~ www.sec-consult.com ~ A-1080 Wien Blindengasse 3 ~ Tel: +43/676/840301718 ~ Fax: +43/(0)1/4090307-590 ______________________________________________________ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Compromising pictures of Microsoft Internet Explorer! Michal Zalewski (Jul 15)
- Re: Compromising pictures of Microsoft Internet Explorer! Przemyslaw Frasunek (Jul 15)
- <Possible follow-ups>
- Re: Compromising pictures of Microsoft Internet Explorer! tuytumadre (Jul 16)
- Re: Compromising pictures of Microsoft Internet Explorer! Matthew Murphy (Jul 16)
- Re: Compromising pictures of Microsoft Internet Explorer! Michal Zalewski (Jul 17)
- Re: Compromising pictures of Microsoft Internet Explorer! Bernhard Mueller (Jul 17)
- Re: Compromising pictures of Microsoft Internet Explorer! Tom Ferris (Jul 17)
- (as apllied to Full Trust Asp.Net vulnerabilities) Re: [Full-disclosure] Compromising pictures of Microsoft Internet Explorer! Dinis Cruz (Jul 25)
- Re: Compromising pictures of Microsoft Internet Explorer! Matthew Murphy (Jul 16)
- Re: Compromising pictures of Microsoft Internet Explorer! Dave Aitel (Jul 16)
- Re: *****SPAM***** Re: Compromising pictures of Microsoft Internet Explorer! Georgi Guninski (Jul 17)
