Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
IE 5.5 & 6 script security bug
Message
From
12/11/2001 17:08:34
Victor Chigne
Inteliventas
Peru
 
 
To
12/11/2001 15:50:00
Dragan Nedeljkovich (Online)
Now officially retired
Zrenjanin, Serbia
General information
Forum:
Visual FoxPro
Category:
Other
Title:
Re: IE 5.5 & 6 script security bug
Miscellaneous
Thread ID:
00580249
Message ID:
00580646
Views:
18
>>>>Did you read the history?
>>>>
>>>>http://www.solutions.fi/index.cgi/news_2001_11_09?lang=eng
>>>>
>>>>it scared me more than the bug itself.
>>>>
>>>>I'm switching to NS today.
>>>
>>>The story is really scary, and reminds me of the shark scenario - remember, in "Jaws", the local big money man who tries to suppress any information about the shark, because it would jeopardize the tourist harvest.
>>>
>>>
>>
>>Well, this is even worse:
>>
>>http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/security/noarch.asp
>>
>>There is a new term: "Information Anarchy" wich means that you are some kind >
>It says "The page you're looking for has been moved or removed from the site.", and note the time between our messages. Or it won't let me read it because I'm using NS?
>Nope, found it after searching on "information anarchy", under http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/columns/security/noarch.asp
>and from what I see it differs by just the camel-case spelling after url= part. Could it be the case-sensitivity comes from using a Linux server? :)
>

LOL

>I wish someone could check this: "The relationship between information anarchy and the recent spate of worms is undeniable. Every one of these worms exploited vulnerabilities for which step-by-step exploit instructions had been widely published. But the evidence is more far conclusive than that. Not only do the worms exploit the same vulnerabilities, they do so using the same techniques as were published ? in some cases even going so far as to use the same file names and identical exploit code. This is not a coincidence. Clearly, the publication of exploit details about the vulnerabilities contributed to their use as weapons."
>

And having known bugs unadressed for a long time has a little to do, I guess. But I don't see it mentioned in the article.

>The point here is whether the guys who cried "wolf" when the wolf really was ready to come, have actually invited the wolf or not. They seem to be accused of it, but then the author of the article ony says it was proven - and I've read enough of stuff where "proven" equalled "I take it for granted and so should you", but actual digging for fact led to a different conclusion.
>

Yes. Great minds think alike. :)

>>But isn't even more criminal to don't release a security patch many days after being warned of that, having some hacker find it and release a program that takes advantage of it and damage millions of users? Will MSFT take responsability if this happens?
>
>The author seems to state that all operating systems are imperfect and have numerous security hazards, and lists Windows, Linux and Solaris. However, I remember that there's a guy in Britain who challenged anyone to plant a virus on his server, and promissed a 10,000 GBP reward. That money is still waiting after two years. And, ah, I forgot: it's a Linux server.

You mean the anti-american, viral OS?
Previous
Next
Reply
Map
View

Click here to load this message in the networking platform