[Dshield] 0-day exploit: Microsoft Internet Explorer "Msdds.d ll"Remote Code Exe cution Exploit

Wayne.Fielder@ky.gov Wayne.Fielder at ky.gov
Thu Aug 18 19:09:15 GMT 2005

Hehehe...you are dead on right that in the US that simply won't happen.
Good heavens, can you imagine IT Security Policy being dumped in the laps of
our state Legislatures or, God Forbid, CONGRESS?!?!?!?  You folks think we
have problems NOW!

Nah...I like the idea of letting the market make up it's mind.  We're
already seeing the benefits of that approach with the marketshare of IE
losing ground with every worm/virus/botnet.  Now we have Apple announcing
their Mac OS will soon run on Intel platforms...let's see what kind of
impact that's gonna have on the OS marketshare.  Let us not forget too that
the various flavors of Linux have been making inroads as well.  Granted the
PC neophytes out there will always use windows but here's hoping that
competition...and not government mandated policy...forces MS to clean up
their act.

-----Original Message-----
From: John B. Holmblad [mailto:jholmblad at aol.com] 
Sent: Thursday, August 18, 2005 2:23 PM
To: General DShield Discussion List
Subject: Re: [Dshield] 0-day exploit: Microsoft Internet Explorer "Msdds.d
ll"Remote Code Exe cution Exploit


I agree that ethics are not necessarily clear cut.

Here is an idea: put laws on the books which require software "producers" to
respond with a viable fix plan  to notification from law enforcement that
they have an unpatched vulnerability with an exploit available. And at the
same time make it legally safe for  producers of POC code to submit such
code to (and only to) law enforcement and encourage such submission (kind of
like a so-called "whistleblower"). 
This may be harder to achieve in the U.S. which is more corporate friendly
than most of the rest of the world but in the EU it might be easier to pass
such legislation despite the "heat" that would surley come from the
aofresaid software producers, Microsoft included. In the U.S. there is
precedent for this kind of imposition of order on the free market  with the
Occupational Safety and Health Administration
(OSHA) legislation that requires minimum standards of workplace safety and
healthfulness. Why not do the same for telecommunications safety including
the Internet?

Best Regards,

John Holmblad

Televerage International

(H) 703 620 0672
(M) 703 407 2278
(F) 703 620 5388

primary email address:     jholmblad at aol.com
backup email address:      jholmblad at verizon.net

send all posts to list at lists.dshield.org To change your subscription options
(or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list

More information about the list mailing list