echo: nthelp
to: Rich
from: Geo.
date: 2003-01-25 19:03:48
subject: Re: More fiction, more nonsense

From: "Geo." 

"Rich"  wrote in message news:3e330892{at}w3.nls.net...

>   Your lack of a better description reflects poorly on you.  Why do you
persist in making yourself look bad?<

I don't know, but that's the way I am so deal with it ok? 

>   A user that prefers Netscape wouldn't be affected by the scenario you
reported because the window opened by WMP is in the user's selected default
browser and the source of the vulnerability was IE specific.<

Does it? Is that what the CSID thing is, picking the default browser or can
that be modified to use IE regardless of what the default browser is?

>   Whether you run IE as guest, normal user, or admin makes no difference.
It's intended to be safe for all and if not due to an issue with IE then
that is an IE issue and not the fault of you the user.  Now if IE prompts
or warns you and you take explicit action to continue then the fault is
yours.<

Yes it's supposed to be safe, no it's never been classified as safe so I do
believe it makes a difference if you run it as guest or admin. But that
wasn't my point.

My point was more that when a piece of code is exploited the exploit pretty
much ends up with the access level that the exploited code was running at.
This is one of the reasons MS changed the account that IIS5 uses (because
the exploited code yields the access level). With media player exploit,
it's media player's access level which is why I view it as a media player
exploit.

You don't need to agree with that viewpoint, it's only my opinion but I do
appreciate the discussion with you as it's allowed me to clarify (at least
in my own mind) why I see it that way. A lot of what I understand about
computers is self taught so the ideas exist in abstract thoughts for me and
having to put them into words helps when I have to explain this stuff to
others.

I do understand what you are saying, you see it from a programmer's point of
view, so the piece of code belongs to a program and it's that piece of code
that is exploitable so that points to the program being exploited
regardless of what passed control and the exploit commands to that piece of
code. It's a valid way to see it but not the only way.

Geo.

--- BBBS/NT v4.01 Flag-4
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/1.45)
SEEN-BY: 633/267 270
@PATH: 379/1 633/267

SOURCE: echomail via fidonet.ozzmosis.com
