Researcher: Microsoft security team dismissive, adversarial


A security research who disclosed a zero-day vulnerability in IE is complaining that Microsoft's security team gave him the brush-off and sent him a "rather threatening email."

Ironically, the bug is in how IE warns users of potentially unsafe active content on a website, such as an ActiveX control.

Matthew Murphy posted a detailed description of the IE bug to the Full Disclosure security mailing list, where he noted that security dialogs could be used by attackers to hijack computers or install their own code on the compromised machines. Researcher: Microsoft security team dismissive, adversarial - Security - www.itnews.com.au

Linked by shanmuga Friday, 28th April 2006 12:43AM