Michael Sutton
Michael Sutton
creative exists explorer internet leverage nobody publishing pulls somebody sure
The vulnerability still exists in Internet Explorer in that it's very lenient in how it pulls CSS, but right now nobody is publishing a way that it can be leveraged to do something useful. That's not to say that somebody won't find a way. I'm sure somebody will come up with a creative way to leverage it to do something evil.
degree draw easy file full further hard leverage malicious people relatively site social takes web
This is relatively easy to exploit. It takes some degree of social engineering -- the attacker would have to draw people to a malicious Web site -- but after that, there's no further intervention required. An attacker could leverage this to write to a file on the hard drive. And once you can write to a person's machine, you have full control.
capability code create default difficult display exploit generally image instead media page player public render ripe target though uses web windows
Even though Windows Media Player is not something generally used to render images, it has the capability of doing that. It's not difficult to create a Web page that uses Windows Media Player to display an image instead of the default application. I think it's a ripe target for exploitation if we see public exploit code for it.
champions ocean potential
Ocean Champions has the potential to be one of the most transformative things we've ever done in the whole conservation movement.
certainly code exploit implement patch recommend until users
I would certainly recommend that users implement the vendor workarounds until a patch is made available. We feel that exploit code can and will be created.
both front identify major rewards secure valuable
Many of our most valuable contributors consistently identify significant vulnerabilities that may never make the front page, but both avert major exploitation and secure considerable compensation through our rewards program.
code free information model pay quite researcher review wants
The only model that makes no sense to me is the altruistic model. The vendor wants the researcher to do his code review for free and that doesn't quite fly. They are profiting from the vulnerability information but they don't want to pay for it.
code expect exploit public
Patching is very urgent. We expect public exploit code to become available, especially for the MSDTC issue.
code expect exploit public
Patching is very urgent, ... We expect public exploit code to become available, especially for the MSDTC issue.
drank drinking
He wasn't even drinking or anything. Never drank before.
america applaud compass decision food group healthy major market north ocean seafood similar step support toward ways
We applaud Compass Group North America for its leadership. Its commitment, and a similar decision by major food retailer Wal-Mart, is a significant step toward transformation of the seafood market in ways that support sustainable fisheries and healthy ocean ecosystems.
aware code exploit public
We're not aware of any public exploit code for it at this time.
credited encourage looking reporting
In 2005, we were credited with reporting 3 'critical' vulnerabilities to Microsoft, and we want to encourage our contributors to keep looking in that direction.
directly effort further latest loyal pay people programs reward various
We pay people directly for their submissions, and then we also have various programs to reward our loyal contributors and keep them working with us. This is our latest effort to further reward them.