On Mon, 01 Dec 2003 21:50:16 EST, Cael Abal <[EMAIL PROTECTED]> said:
> Don't you think perhaps that time used to take a bad browser and make it
> better is really time better spent elsewhere? It's like taking a pie
> out of the trash and picking off the coffee grounds and ashes instead of
> just
Executive summary follows post distilled down to its essence:
On Mon, Dec 01, 2003 at 03:37:04PM -0800, Thor Larholm wrote:
> From: "Thor Larholm" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: [Full-Disclosure] Comments on 5 IE vulnerabilities
> Da
On Mon, 1 Dec 2003 15:37:04 -0800
"Thor Larholm" <[EMAIL PROTECTED]> wrote:
> Each and every command execution vulnerability in Internet Explorer over
> the last few years have all depended on the functionality of local
> security zones. Whenever you are crafting an exploit, you want to
> navigate
> When I attended the NTBugtraq Retreat earlier this year, most of the
> attendees were surprised to hear that I am using Internet Explorer on a
> daily basis, particularly since I should know how vulnerable it can be
> at any given time. I surf with JavaScript and ActiveX enabled, see flash
> mov
On Mon, 1 Dec 2003, Frank Knobbe wrote:
> Maybe one solution for MS could be to unhook IE from the OS, slowly
> distance itself from it and instead add a different browser, one that is
> more secure, with less bells'n'whistles perhaps. They have abandoned and
> replaced products in the past, perha
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Thor Larholm wrote:
| When I attended the NTBugtraq Retreat earlier this year, most of the
| attendees were surprised to hear that I am using Internet Explorer on
| a daily basis, particularly since I should know how vulnerable it can
| be at any given
On Mon, 2003-12-01 at 17:37, Thor Larholm wrote:
> Much ado has been made about those vulnerabilities and they have been
> covered in numerous places such as Forbes, NY Times and CNN. What this
> tells me is that we need a radically different approach than the status
> quo.
That's probably exactl
Despite the severity of some of the vulnerabilities posted by Liu Die
Yu, such as the ability for system compromises, it is relatively easy to
mitigate against the impact and even prevent them from having any effect
at all.
Much ado has been made about those vulnerabilities and they have been
cove
