| TIP: Click on subject to list as thread! | ANSI |
| echo: | |
|---|---|
| to: | |
| from: | |
| date: | |
| subject: | Re: More fiction, more nonsense |
From: "Rich"
This is a multi-part message in MIME format.
------=_NextPart_000_002E_01C2C49F.598E7E30
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
The example we have been discussing has only one unsafe component for =
which an update was released to correct the flaw. That component is IE. =
WMP is doing nothing unsafe. And since you have forgotten, the complex =
scenario in the report we have been discussing did not need to use WMP = to
tell IE to open an HTML page as IE was already open and could have = done
it itself. The choice was arbitrary and not relevant to the = problem at
all.
Anyway, I'm sure you are aware that you selectively edited my message =
when you replied to exclude some relevant points. You look slimey. =
Maybe we should just stick with your silly philosophy and acknowledge =
that everything is your fault since it is your actions that would be the =
trigger for any vulnerability of this that you would be exposed to. =
Remember, it is your actions that are not safe by any stretch of the =
imagination.
Rich
"Geo." wrote in message
news:3e333f4f{at}w3.nls.net...
"Rich" wrote in message news:3e333305{at}w3.nls.net...
> I still think you are off base in a fundamental way. Some actions =
are
safe and some are not. Things that are not should require explicit =
action
or confirmation from the user. Things that are safe should not. <
Ok I can accept that, I wouldn't mind a feature in media player that =
asked
before fireing up IE and if it did that then it would have required =
action
on the part of the user and I'd consider this to be a trojan instead =
of an
exploit.
>If something is supposed to be safe and it's not then the problem is =
with
the component that isn't safe when it should be not the component that
relied on it.<
There are imo two unsafe pieces of code in the media player example, =
not
one.
How can you consider a piece of code that allows a hacker to fire up =
IE
automatically and have it download something from a site of his =
choosing to
be a safe piece of code? A media file is supposed to contain media =
that the
media player plays, it's not supposed to contain stealth instructions =
to
allow a hacker to control other applications on your computer and it
certainly should not allow a hacker to tell IE to go download =
something of
his choosing from the internet. That's not safe by any stretch of the
imagination.
Geo.
------=_NextPart_000_002E_01C2C49F.598E7E30
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
The
example we have been =
discussing=20
has only one unsafe component for which an update was released to = correct the=20
flaw. That component is IE. WMP is doing nothing =
unsafe. And=20
since you have forgotten, the complex scenario in the report we have = been=20
discussing did not need to use WMP to tell IE to open an HTML page as IE = was=20
already open and could have done it itself. The choice was =
arbitrary and=20
not relevant to the problem at all.
Anyway,
I'm sure you are =
aware that=20
you selectively edited my message when you replied to exclude some = relevant=20
points. You look slimey. Maybe we should just stick
with = your silly=20
philosophy and acknowledge that everything is your fault since it is = your=20
actions that would be the trigger for any vulnerability of this that you = would=20
be exposed to. Remember, it is your actions that are not safe by = any=20
stretch of the imagination.
Rich
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/1.45)SEEN-BY: 633/267 270 @PATH: 379/1 633/267 |
|
| SOURCE: echomail via fidonet.ozzmosis.com | |
Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.