Ah, I have to admit that when he stated in that year-old email that there were no major differences security-wise between the 1.1 and the 2.0 specs I believed him, mostly because, er, I didn't look at the 2.0 specs either, and I didn't really expect to find FUD on the OWASP website... Implicit trust is always bad, right? :)
>-----Original Message-----
>From: Thor (Hammer of God) [mailto:[EMAIL PROTECTED]
>Sent: Friday, July 28, 2006 1:13 PM
>To: Focus-MS
>Subject: Re: .Net Satisfies Security Compliance Satistactions
>or Not ???
>
>What, an email stating that he wants to get paid by Microsoft
>to do an audit, or you mean the link to a year-old email where
>he states that he has not looked at the 2.0 specs? Or are you
>referring to the reference to the default full-trust model
>where one can control processes running under .Net with the
>ever-so-slight caveat of having to be able to upload scripts
>to the server and have permission to run them? THOSE
>vulnerabilities? ;)
>
>t
