Whether or not an operating system has a remote command shell says nothing about its ability to withstand other attacks such as denial of service attacks.
Scott Culp Quotes (5 Quotes)
There is great customer interest in UPnP, especially as more UPnP-capable devices are becoming available. Folks who don't want UPnP can certainly turn off the service, but just applying the patch is sufficient to return it to safe operation.
The real problem is Netscape Communicator taking a powerful script and putting it out on your computer in a locale where any Web site can find it out and run it.
The responsible way to handle a security vulnerability report is to let the vendor know you believe you've found a potential vulnerability in their product so they can investigate it. That wasn't done in this case, and it's really unfortunate because the result has been that customers have been unnecessarily frightened about this issue because we were given a grand total of fewer than 12 hours between the initial report of the vulnerability and the time it went public. The goal at the end of the day is to protect customers, and responsible reporting practices suggest that the right way is to give the vendor a chance to do the investigation.
The Microsoft Internet Explorer security model allows a Web site to run any script or program that it trusts. The program exposes some fairly powerful functionality that allows a hostile Web site to glean information from a user's machine.
More Scott Culp Quotations (Based on Topics)
Service - Potential - Chance - Security - Goals - Hostility - Time - View All Scott Culp Quotations
Related Authors
- - - - - - - - - - - - - - - - - - - -