Re: [ossig] Re: [myoss] Reasons to not use IE are too numerous tomention...

[tai <tai@xxxxxxxxxxxxxxxx>]

On Fri, 25 Jun 2004, Kenneth Wong wrote:
> On Friday 25 June 2004 21:14, tai wrote:
> > 	He forgot the following piece, 'and you will do that everytime
> > Internet Explorer has a new unfixed bug'.
> 
> Just a thought - wasn't MS claiming in their roadshow that all critical 
> bugs were fixed within 25 days? How long have the IE vulnerabilities 
> (more than 1 I believe) been  around? 

	Why bother with IE bugs when there's one critical bug that's been 
in existence since Windows 3.1, AND STILL HAS NOT BEEN FIXED!!!

	Hmm, I should go through my emails and prepare a page on that.  
*ponder*  I think I still have the emails from Entrust and xCert verifying 
that bug.

	Short summary (you can find it in myoss archives) is that Peter 
Gutmann was informed about a bug in the Cryptographic Service Provider 
(yeah, the piece that handles encryption/ssl/all that shit), writes 3 
papers, breakms.txt, breakms2.txt and breakms3.txt.  He notes that the bug 
has been in existence since Windows 3.1, and will probably never be fixed 
since it's too deep in the bowels of Win32.

	Of course, one of the conference calls I was on with Microsoft when 
I was doing PKI work at FedEx was about using Windows as my PKI servers 
*laugh*  Too bad my director did not allow me to ask the above question.

-Tai "note to self, prepare win 3.1 bug page"
-- 
http://www.vcnet.com/bms/features/serendipities.html
http://www2.hunter.com/~skh/humor/admin-horror.html
http://www.despair.com/demotivators/cluelessness.html
"What we have done with PCs so far is not natural" - Craig Mundie, CTO Microsoft


---------------------------------------------------------
To unsubscribe: send mail to ossig-request@mncc.com.my
with "unsubscribe ossig" in the body of the message