[Dshield] 0-day exploit: Microsoft Internet Explorer "Msdds.d ll"Remote Code Exe cution Exploit

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Thu Aug 18 17:18:36 GMT 2005

On Thu, 18 Aug 2005 12:54:25 EDT, "John B. Holmblad" said:

> release of technical details. Having said that I don't think it is at 
> all ethical to use the public release of exploit code to put pressure on 
> the code owner to fix the problem.

What do you do when you've run out of ethical means to put pressure on the code
owner to fulfill *their* ethical responsibilities to fix known holes in the code?
It becomes an even bigger ethical quandary when the code owner isn't some small
shop that *wants* to fix it but simply doesn't have the resources, but is some
large organization that has already been proved ethically challenged in a court
of law...

I see you list a (703) area code for telephone - that puts you in the US.  Now
keep in mind that back some 230 years ago, the British didn't exactly think they
were being treated ethically when they were marching in columns wearing red coats,
and kept getting picked off by well-camouflaged snipers hiding behind fences and

If ethics were clear-cut, there wouldn't be so many variant formulations....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20050818/8e046a8d/attachment-0001.bin

More information about the list mailing list