echo: nthelp
to: Geo.
from: Rich
date: 2003-01-25 14:07:00
subject: Re: More fiction, more nonsense

From: "Rich" 

   Your lack of a better description reflects poorly on you.  Why do you
persist in making yourself look bad?

   A user that prefers Netscape wouldn't be affected by the scenario you
reported because the window opened by WMP is in the user's selected
default browser and the source of the vulnerability was IE specific.

   Whether you run IE as guest, normal user, or admin makes no
difference.  It's intended to be safe for all and if not due to an issue
with IE then that is an IE issue and not the fault of you the user.  Now
if IE prompts or warns you and you take explicit action to continue then
the fault is yours.

Rich

  "Geo."  wrote in message news:3e32ec45$1{at}w3.nls.net...
  "Rich"  wrote in message news:3e322002{at}w3.nls.net...
  >   You would do the same by opening the web page by any other means.<

  Yes but there is a major difference. For example a user who prefers
  Netscape won't be affected simply because MS requires IE be installed
  for certain management functions if IE can't be started up via these
  webbug like features in media player (for lack of a better description).


  >There are obviously choices in implementation and others may do
  differently but OE and Outlook both perform this resolution for
  themselves using public APIs provided in Windows for pluggable protocol
  support.  While IE (more accurately MSHTML) provides the rendering
  engine for both of these, the relevant component is owned by the
  applications and IE is just doing what it was asked. <

  Interesting point and I can understand that pov, but I believe it
  depends on the access level being passed to the code that determines
  what is being exploited. As an example if I start up media player with
  run as guest instead of as my logged in user and it fires up IE as guest
  level, then I view it as media player being exploited since if I clicked
  on a link IE would have run as my user not as guest. I believe that to
  be a significant difference because I could easily be running as guest
  and fire up media player with a run as admin (media player being a bad
  example of something you would run with a high access level of course).

  Geo.



--- BBBS/NT v4.01 Flag-4
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/1.45)
SEEN-BY: 633/267 270
@PATH: 379/1 633/267

SOURCE: echomail via fidonet.ozzmosis.com
