[37263] in bugtraq
Re: [Full-Disclosure] MSIE src&name property disclosure
daemon@ATHENA.MIT.EDU (Paul Schmehl)
Mon Nov 8 18:25:02 2004
Date: Mon, 08 Nov 2004 13:33:17 -0600
From: Paul Schmehl <pauls@utdallas.edu>
Reply-To: Paul Schmehl <pauls@utdallas.edu>
To: Michal Zalewski <lcamtuf@ghettot.org>,
Berend-Jan Wever <skylined@edup.tudelft.nl>
Cc: full-disclosure@lists.netsys.com, bugtraq@securityfocus.com
Message-ID: <E8EA5D364052FB5BB16CAADB@utd49554.utdallas.edu>
In-Reply-To: <20041108150913.X14239@dekadens.coredump.cx>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--On Monday, November 08, 2004 03:13:57 PM +0100 Michal Zalewski
<lcamtuf@ghettot.org> wrote:
>
> Several days later, this statement surfaces in an article, showing beyond
> any doubt that they are, quite simply, lying to the public to save face
> and gain time.
>
> As much as I am not a rabid Microsoft hater, this pissed me off more than
> a bit.
>
Never attribute to malice what can be explained by incompetence. Most
likely what happened is the left hand (PR) didn't know what the right hand
(secure@) was doing.
Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
