[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Microsoft Internet Explorer: Request for Comments



-----BEGIN PGP SIGNED MESSAGE-----



[email protected] said:
> (taking a deep breath, and donning a flame-resistant Kevlar suit...)

> We are meeting with Microsoft tomorrow (1/29, 10am EST) to discuss the
> problems in and needed enhancements for Internet Explorer 4.x.  If
> anyone would care to pass along their comments, I would welcome them.
> Note that I would prefer serious comments, although any that are both
> sufficiently humorous and not too defamatory towards Microsoft might
> also be passed along.  (We currently have lists of 73 bugs and 27
> enhancement requests...)

Suggest that Microsoft encourage peer review of of the portions of IE 
used for encryption and authentication by publishing the source code 
used to implement these functions.  The quality of the code would 
certainly improve (I don't believe it could get worse ;) if MS 
incorporated suggestions in a timely matter.  Such a move would also 
do much to improve Microsoft's reputation in the "hacker" community 
(that's "hacker" in the good sense, not the intruder/cracker/vandal 
sense) by showing that they understand that "security through 
obscurity is no security."  If Microsoft (and other companies) hear 
about the need to do this often enough from enough different source, 
perhaps they will begin to listen.

 -john.


......................................................................
.                                                                    .
.....John.D.Blair...   mailto:[email protected]   phoneto:205.975.7123 .
                   .   http://frodo.tucc.uab.edu  faxto:205.975.7129 .
 ..sys|net.admin....                                                 .
 .                     the university computer center            .....
 ..... g.e.e.k.n.i.k...the.university.of.alabama.at.birmingham....




-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBNM+r9AJjTpK3AXhBAQEvBgQAgzqpF/qJKZL10RjcB7ixI2LMQQMHejpN
3L2/97d2wvin7amtdIgyhELnSdkaTmwZsqkbfwinlg/ay0lXx9ygFLgbcC/AsIef
54vbPat3Btu+vTrINRZOomQF85LezlTDKt6fznUaoWqCOGu9L0FeiMPSN9WqY6uG
OZg3ZVf/nvY=
=j4oQ
-----END PGP SIGNATURE-----