From: "Jonathan S. Shapiro" <shap@eros-os.org>
Replying To: marcs <marcs@skyhunter.com>
Date: Sun, 01 Dec 2002 10:47:21 -0500
Subject: Re: [e-lang] capability myths demolished!

On Thu, 2002-11-28 at 12:47, marcs wrote:
> -- Microsoft IE has had a bug in it that allows outsiders to take full control 
> of the system if the user goes to the attacker's web page; this bug is 
> present in both IE 5.5 and IE 6.0. An attacker that didn't bother to tell 
> anyone about the exploit when he found it could have been using it for over a 
> year, subverting millions of computers, before anyone realized there was a 
> bug, much less realize that Microsoft's certificate should be revoked (oh, 
> yeah, visualize that happening :-). Once again, POLA confinement of the IE 
> application would change this from a security nightmare of catastrophic 
> proportions into a minor programming bug.


Where is this documented? marcs 

_______________________________________________
e-lang mailing list
e-lang@mail.eros-os.org
http://www.eros-os.org/mailman/listinfo/e-lang