On Wed, 10 Dec 2003 14:05:47 +0059 Jedi/Sector One <[EMAIL PROTECTED]> wrote:
> On Wed, Dec 10, 2003 at 09:23:40AM +0100, Feher Tamas wrote: > > Unless the bug has already been exploited by malicious people, it was > > a highly irresponsible act to disclose it to the public, without giving > > Microsoft a reasonable timeframe to produce a fix. > > People know that new critical flaws are discovered in Internet Explorer > every week, but keep using this product. > > Who is to blame here? > > > It may even qualify as a crime! > > In this case, Microsoft is the actual criminal. > > To bring back the traditionnal car-vs-software parallel... Imagine that > Ford is selling cars that are known to have serious defects. Every week a new > serial defect is found (and even not by the manufacturer but by an > individual). And because of these defects, thousands of people are already > dead. Now, the defect-of-the-week is that when you say "booh!" to a Ford car, > it explodes 10 minutes later. > > Now when a car explodes because of that flaw, who is to blame? > > - People who keep buying those cars while knowing they are playing the russian > roulette? Obviously. > > - Ford that still keeps selling these cars (fixing some reported flaws, > ignoring some others, not really carefully testing anything themselves > before products hit the market) ? Obviously. > > - A kiddy who notices the "booh!" bug by mistake and tells his friends (so > that the problem is known to the public instead of being silent, waiting for > a vendor fix and imagining that because the fix is there, everyone in the > planet will immediately apply it)? Obviously not. > > Past the marketing "Microsoft now focuses on security" craptalk, the > current situation regarding Internet Explorer is still the same for years. > Use it without Qwik-fix, an antivirus, a firewall and strong reflexion > before clicking anywhere and you are still vulnerable to trivial flaws. So > instead of blaming whoever found the IE bugs of the week, just switch to > other browsers. well said :-] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
