Re: [Full-disclosure] verizon vs m$

2010-12-08 Thread Georgi Guninski
interesting analysis of 'this thing called "Protected Mode" ' On Tue, Dec 07, 2010 at 02:51:08PM -0600, Marsh Ray wrote: > On 12/07/2010 07:12 AM, valdis.kletni...@vt.edu wrote: > > On Tue, 07 Dec 2010 07:16:34 EST, Larry Seltzer said: > > 2. some interpret it as a feature and some as a bug? >

Re: [Full-disclosure] verizon vs m$

2010-12-07 Thread Christian Sciberras
See Marsh, there's this thing called keyboard and mouse which are trivially a huge security threat to the user. Users shouldn't be allowed to use them. The average user should be staring at the same MSN homepage all day long. Then we should pay Microsoft (and really, all the ingenious security res

Re: [Full-disclosure] verizon vs m$

2010-12-07 Thread Marsh Ray
On 12/07/2010 07:12 AM, valdis.kletni...@vt.edu wrote: > On Tue, 07 Dec 2010 07:16:34 EST, Larry Seltzer said: > 2. some interpret it as a feature and some as a bug? >> >>> Does it have to be either? >> >> It sounds to me as if this is a deliberate design decision, and >> people are disagreeing

Re: [Full-disclosure] verizon vs m$

2010-12-07 Thread Thor (Hammer of God)
>On Tue, 07 Dec 2010 07:16:34 EST, Larry Seltzer said: >> >>> 2. some interpret it as a feature and some as a bug? >> >> > Does it have to be either? >> >> It sounds to me as if this is a deliberate design decision, and people >> are disagreeing over the severity of its implications. > >Some people

Re: [Full-disclosure] verizon vs m$

2010-12-07 Thread Valdis . Kletnieks
On Tue, 07 Dec 2010 07:16:34 EST, Larry Seltzer said: > >>> 2. some interpret it as a feature and some as a bug? > > > Does it have to be either? > > It sounds to me as if this is a deliberate design decision, and people are > disagreeing over the severity of its implications. Some people refer

Re: [Full-disclosure] verizon vs m$

2010-12-07 Thread Dan Kaminsky
On Tue, Dec 7, 2010 at 10:12 PM, wrote: > On Tue, 07 Dec 2010 07:16:34 EST, Larry Seltzer said: >> >>> 2. some interpret it as a feature and some as a bug? >> >> > Does it have to be either? >> >> It sounds to me as if this is a deliberate design decision, and people are >> disagreeing over the s

Re: [Full-disclosure] verizon vs m$

2010-12-07 Thread Larry Seltzer
>>> 2. some interpret it as a feature and some as a bug? > Does it have to be either? It sounds to me as if this is a deliberate design decision, and people are disagreeing over the severity of its implications. LJS

Re: [Full-disclosure] verizon vs m$

2010-12-07 Thread Dan Kaminsky
On Tue, Dec 7, 2010 at 6:02 PM, Georgi Guninski wrote: > do i get it right?: > > 1. the verizon paper is entirely correct Well, sure. > 2. some interpret it as a feature and some as a bug? Does it have to be either? > > On Sun, Dec 05, 2010 at 11:25:36PM +0200, Georgi Guninski wrote: >> in a w

Re: [Full-disclosure] verizon vs m$

2010-12-07 Thread Georgi Guninski
do i get it right?: 1. the verizon paper is entirely correct 2. some interpret it as a feature and some as a bug? On Sun, Dec 05, 2010 at 11:25:36PM +0200, Georgi Guninski wrote: > in a world like this, verizon kills exploder bugs: > > http://www.theregister.co.uk/2010/12/03/protected_mode_bypas

Re: [Full-disclosure] verizon vs m$

2010-12-06 Thread John Lightfoot
losure-boun...@lists.grok.org.uk] On Behalf Of Georgi Guninski Sent: Sunday, December 05, 2010 1:26 PM To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] verizon vs m$ in a world like this, verizon kills exploder bugs: http://www.theregister.co.uk/2010/12/03/protected_mode

Re: [Full-disclosure] verizon vs m$

2010-12-06 Thread Thor (Hammer of God)
t -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Georgi Guninski Sent: Sunday, December 05, 2010

Re: [Full-disclosure] verizon vs m$

2010-12-06 Thread Ven Ted
full-disclosure-boun...@lists.grok.org.uk [mailto: > full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Georgi Guninski > Sent: Sunday, December 05, 2010 1:26 PM > To: full-disclosure@lists.grok.org.uk > Subject: [Full-disclosure] verizon vs m$ > > in a world like this, ve

Re: [Full-disclosure] verizon vs m$

2010-12-06 Thread Dan Kaminsky
> Did you read the Reg article?  It has nothing to do with the definition of a > "security boundary."  It's not about that at all.  It's about a title tease > of "bypassing protected mode" with associated inaccurate content when the > whole thing could be summarized with "Protected Mode is not e

Re: [Full-disclosure] verizon vs m$

2010-12-06 Thread Thor (Hammer of God)
aminsky [mailto:d...@doxpara.com] Sent: Monday, December 06, 2010 9:07 AM To: Thor (Hammer of God) Cc: full-disclosure@lists.grok.org.uk; Georgi Guninski Subject: Re: [Full-disclosure] verizon vs m$ > Did you read the Reg article?  It has nothing to do with the definition of a > "sec

Re: [Full-disclosure] verizon vs m$

2010-12-06 Thread Thor (Hammer of God)
> > - > > Finally, Microsoft and other software vendors should clearly document > > which features do and do not have associated security claims. Clearly > > stating which features make security claims, and which do not, will allow > informed decisions to be made on IT security issues. > >

Re: [Full-disclosure] verizon vs m$

2010-12-06 Thread Dan Kaminsky
> - > Finally, Microsoft and other software vendors should clearly document which > features do and do not > have associated security claims. Clearly stating which features make security > claims, and which do not, > will allow informed decisions to be made on IT security issues. > - >Fr

Re: [Full-disclosure] verizon vs m$

2010-12-06 Thread Georgi Guninski
On Mon, Dec 06, 2010 at 01:49:47AM +, Thor (Hammer of God) wrote: > I'm just wondering why you are bringing attention to the article, or really, > why it was written in the first place. > i don't comment the technical side of the story, just watching a security show. i bring attention because

Re: [Full-disclosure] verizon vs m$

2010-12-05 Thread Larry Seltzer
f God) Sent: Sunday, December 05, 2010 8:50 PM To: Georgi Guninski; full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] verizon vs m$ I don't understand how Dan arrived at "Researchers bypass Internet Explorer Protected Mode" for the article title. Protected Mode isn

Re: [Full-disclosure] verizon vs m$

2010-12-05 Thread Thor (Hammer of God)
disclosure-boun...@lists.grok.org.uk] On Behalf Of Georgi Guninski Sent: Sunday, December 05, 2010 1:26 PM To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] verizon vs m$ in a world like this, verizon kills exploder bugs: http://www.theregister.co.uk/2010/12/03/protected_mod

[Full-disclosure] verizon vs m$

2010-12-05 Thread Georgi Guninski
in a world like this, verizon kills exploder bugs: http://www.theregister.co.uk/2010/12/03/protected_mode_bypass/ http://www.verizonbusiness.com/resources/whitepapers/wp_escapingmicrosoftprotectedmodeinternetexplorer_en_xg.pdf the language doesn't seem passionate: - Finally, Microsoft and oth