interesting analysis of 'this thing called "Protected Mode" '
On Tue, Dec 07, 2010 at 02:51:08PM -0600, Marsh Ray wrote:
> On 12/07/2010 07:12 AM, valdis.kletni...@vt.edu wrote:
> > On Tue, 07 Dec 2010 07:16:34 EST, Larry Seltzer said:
> > 2. some interpret it as a feature and some as a bug?
>
See Marsh, there's this thing called keyboard and mouse which are trivially
a huge security threat to the user. Users shouldn't be allowed to use them.
The average user should be staring at the same MSN homepage all day long.
Then we should pay Microsoft (and really, all the ingenious security
res
On 12/07/2010 07:12 AM, valdis.kletni...@vt.edu wrote:
> On Tue, 07 Dec 2010 07:16:34 EST, Larry Seltzer said:
> 2. some interpret it as a feature and some as a bug?
>>
>>> Does it have to be either?
>>
>> It sounds to me as if this is a deliberate design decision, and
>> people are disagreeing
>On Tue, 07 Dec 2010 07:16:34 EST, Larry Seltzer said:
>> >>> 2. some interpret it as a feature and some as a bug?
>>
>> > Does it have to be either?
>>
>> It sounds to me as if this is a deliberate design decision, and people
>> are disagreeing over the severity of its implications.
>
>Some people
On Tue, 07 Dec 2010 07:16:34 EST, Larry Seltzer said:
> >>> 2. some interpret it as a feature and some as a bug?
>
> > Does it have to be either?
>
> It sounds to me as if this is a deliberate design decision, and people are
> disagreeing over the severity of its implications.
Some people refer
On Tue, Dec 7, 2010 at 10:12 PM, wrote:
> On Tue, 07 Dec 2010 07:16:34 EST, Larry Seltzer said:
>> >>> 2. some interpret it as a feature and some as a bug?
>>
>> > Does it have to be either?
>>
>> It sounds to me as if this is a deliberate design decision, and people are
>> disagreeing over the s
>>> 2. some interpret it as a feature and some as a bug?
> Does it have to be either?
It sounds to me as if this is a deliberate design decision, and people are
disagreeing over the severity of its implications.
LJS
___
Full-Disclosure - We believe in
On Tue, Dec 7, 2010 at 6:02 PM, Georgi Guninski wrote:
> do i get it right?:
>
> 1. the verizon paper is entirely correct
Well, sure.
> 2. some interpret it as a feature and some as a bug?
Does it have to be either?
>
> On Sun, Dec 05, 2010 at 11:25:36PM +0200, Georgi Guninski wrote:
>> in a w
do i get it right?:
1. the verizon paper is entirely correct
2. some interpret it as a feature and some as a bug?
On Sun, Dec 05, 2010 at 11:25:36PM +0200, Georgi Guninski wrote:
> in a world like this, verizon kills exploder bugs:
>
> http://www.theregister.co.uk/2010/12/03/protected_mode_bypas
losure-boun...@lists.grok.org.uk] On Behalf Of Georgi
Guninski
Sent: Sunday, December 05, 2010 1:26 PM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] verizon vs m$
in a world like this, verizon kills exploder bugs:
http://www.theregister.co.uk/2010/12/03/protected_mode
t
-Original Message-
From:
full-disclosure-boun...@lists.grok.org.uk<mailto:full-disclosure-boun...@lists.grok.org.uk>
[mailto:full-disclosure-boun...@lists.grok.org.uk<mailto:full-disclosure-boun...@lists.grok.org.uk>]
On Behalf Of Georgi Guninski
Sent: Sunday, December 05, 2010
full-disclosure-boun...@lists.grok.org.uk [mailto:
> full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Georgi Guninski
> Sent: Sunday, December 05, 2010 1:26 PM
> To: full-disclosure@lists.grok.org.uk
> Subject: [Full-disclosure] verizon vs m$
>
> in a world like this, ve
> Did you read the Reg article? It has nothing to do with the definition of a
> "security boundary." It's not about that at all. It's about a title tease
> of "bypassing protected mode" with associated inaccurate content when the
> whole thing could be summarized with "Protected Mode is not e
aminsky [mailto:d...@doxpara.com]
Sent: Monday, December 06, 2010 9:07 AM
To: Thor (Hammer of God)
Cc: full-disclosure@lists.grok.org.uk; Georgi Guninski
Subject: Re: [Full-disclosure] verizon vs m$
> Did you read the Reg article? It has nothing to do with the definition of a
> "sec
> > -
> > Finally, Microsoft and other software vendors should clearly document
> > which features do and do not have associated security claims. Clearly
> > stating which features make security claims, and which do not, will allow
> informed decisions to be made on IT security issues.
> >
> -
> Finally, Microsoft and other software vendors should clearly document which
> features do and do not
> have associated security claims. Clearly stating which features make security
> claims, and which do not,
> will allow informed decisions to be made on IT security issues.
> -
>Fr
On Mon, Dec 06, 2010 at 01:49:47AM +, Thor (Hammer of God) wrote:
> I'm just wondering why you are brining attention to the article, or really,
> why it was written in the first place.
>
i don't comment the technical side of the story, just watching a security show.
i bring attention because
f God)
Sent: Sunday, December 05, 2010 8:50 PM
To: Georgi Guninski; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] verizon vs m$
I don't understand how Dan arrived at "Researchers bypass Internet
Explorer Protected Mode" for the article title. Protected Mode isn
disclosure-boun...@lists.grok.org.uk] On Behalf Of Georgi Guninski
Sent: Sunday, December 05, 2010 1:26 PM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] verizon vs m$
in a world like this, verizon kills exploder bugs:
http://www.theregister.co.uk/2010/12/03/protected_mod
in a world like this, verizon kills exploder bugs:
http://www.theregister.co.uk/2010/12/03/protected_mode_bypass/
http://www.verizonbusiness.com/resources/whitepapers/wp_escapingmicrosoftprotectedmodeinternetexplorer_en_xg.pdf
the language doesn't seem passionate:
-
Finally, Microsoft and oth
20 matches
Mail list logo