Domain: secunia.com
Stories and comments across the archive that link to secunia.com.
Comments · 2,642
-
Re:Truth or Dare?
-
Re:why even use ActiveX?
Do not forget the HP products either:
"Tandem" nonstop mainframes:
http://h20223.www2.hp.com/nonstopcomputing/cache/76385-0-0-0-121.aspx
OpenVMS:
http://secunia.com/product/6052/?task=statistics
http://h71000.www7.hp.com/index.html?jumpid=/go/openvms
http://www.openvms.org/
There are also some Japanese products that rock. Windows and Unix do not have all the market yet. It is nice that we get more and more of these advanced features on Linux. -
Re:not using .. yet.
I think Firefox 2 vs. IE7 is still a no-brainer. Secunia reports IE7 still has more security vulnerabilities than Firefox 2. IE7 still lags in standards support compared to Firefox 2. I do agree that Mozilla needs to put more emphasis on getting Firefox to corporate users, such as making Firefox MSIs available. When they do, that will just make Firefox all the more popular.
-
Adobe Reader != PDF
Complex file format, typical reader software closed source, could have any number of exploitable security holes
The same is true of HTML.
Oh, and in case you've been on a different planet recently: http://secunia.com/advisories/23666/
As I understand this Secunia report, it describes a defect in a specific product made by Adobe Systems, not an inherent flaw in PDF. Does Foxit Reader have the same problem? What about Mac OS X's built-in viewer? What about GSview?
-
Re:email designers?
What's the security risk of opening a PDF?
Complex file format, typical reader software closed source, could have any number of exploitable security holes...
Oh, and in case you've been on a different planet recently: http://secunia.com/advisories/23666/
And that's just one of the ones we know about... -
Re:No Wonder Jobs Didn't Talk About OS X Yesterday
Tens of thousands? Hyperbole much?
-
Re:What's this control named "Rootkit" do?
Secunia had identified it as critical, so it looks legit:
http://secunia.com/advisories/23003/ -
Re:So can this be neutralized?
No files to delete. You can either set the activeX control to not run or not run activeX.
-
Wow! Talk about complete incompetence!
Mac isn't just "an" answer, it is the *only* answer. You want security and not too worried about simplicity? Linux or a Mac.
Talk about fanboy CYA. First you state that a Mac (presumably you mean the OS X operating system, as you use it in the same breath as Linux) is the only solution, and then only a few words later you state that Linux is a possibility as well. Can't risk being modded down for not being a mindless Linux fanboy on Slashdot, can you?
You willing to re-work of all Microsoft's incorrect settings
Windows lets you create normal user accounts with limited privileges. The installation requires that you create one administrative account and then as many limited user accounts as you desire. The only incorrect settings are those you ignorantly apply yourself.
patch all the browser vulnerabilities
How is this different than any other browser (or any other application, for that matter)? All applications have defects, such as Firefox, Quicktime, Opera, and OS X. These defects need to be patched (or perhaps I should assume that you don't patch vulnerabilities in software you use- including those in OS X- because you feel there's no threat).
reboot your PC every few days because MS has discovered another severe vulnerability in their spaghetti code
Are you serious? Every few days? Considering "Patch Tuesday" occurs once a month, you would be required to, at most, reboot your machine once a month. The reboot is only required in certain circumstances because Windows won't let you update a file that's currently in use. *nix systems allow modifications to active files, but active processes still only are able to use the previous version, which can be a nightmare when applying patches. While it's a matter of preference, I know many administrators that would rather reboot a machine to ensure that all processes are using the updated library than being forced to make this determination manually.
Endless entertainment for puzzle solvers who don't care about their data security or computer availability
This doesn't say much for your technical abilities. I have been highly successful in educating the least knowledgeable computer users (read: home users) in basic security practices. It's quite simple- don't run as an administrator. -
Re:Use Macs
Really? I'm intrigued by this comment. Could you cite some *independent* sources that back this up?
Without knowing what you consider "independent", maybe not. However, Secunia should get you started, as will Google.
A comparison of the Secunia advisories for IIS6 and Apache 2.2 is something I haven't looked at before, and is interesting. Given that they have both had three vulnerabilities it's perhaps going a bit far to say that IIS has the better security, particularly given that the Apache vulnerabilities are arguably less critical in nature overall. However props to MS for having 0 unpatched vulnerabilities in IIS compared to 1 for Apache.
Arguably given the number of insecure applications running on top of either Apache or IIS these days application vulnerabilities are much more relevant than web server vulnerabilities anyway. I certainly see many more attempts to compromise vulnerable instances of applications such as AWStats, phpMyAdmin and phpBB than attacks against the underlying web server these days.
Additionally, before stating Apache is more prolific, you may wish to consider that Netcraft's methodology is a flawed way for determining this, and hence their data does not support the assertion.
Not guilty of this one, you want grahammm... -
Re:Use Macs
Really? I'm intrigued by this comment. Could you cite some *independent* sources that back this up?
Without knowing what you consider "independent", maybe not. However, Secunia should get you started, as will Google.
Additionally, before stating Apache is more prolific, you may wish to consider that Netcraft's methodology is a flawed way for determining this, and hence their data does not support the assertion.
-
Firefox... never safe in 2006?
http://secunia.com/advisories/12403/
according to that page, that vulnerability was never patched...
-
Yes that's exactly what I did
I firewalled it, and used Firefox, and Thunderbird so I'm not exposed to Microsoft risks and didn't get the IE7 patch or any other superfluous patches.
Without the forced 'upgrades' and resultant security holes they opened, I no longer have problems.
http://secunia.com/advisories/22477/ -
Fix The Problem With Firefox 2 First
Yet they leave a security vulnerability unpatched, and they are developing the next version?!
Who said that Firefox is secure?! -
Handy tool - Check for insecure software
Secunia released a new tool last week. You can use this to verify that you have the latest secure versions of software installed, including MS updates. http://secunia.com/software_inspector/
-
IE7 not clean: Secunia shows 3 unpatched holes
IE7 is not clean: Secunia shows there are 3 unpatched holes:
http://secunia.com/product/12366/?task=advisories_2006 -
Re:Microsoft Recommends..
I'll use your only argument that OS X is secure (which I've already addressed over, and over), and replace "OS X" with "MS-DOS 6.22".
Which, of course, would be a strawman, given that OS X isn't MS-DOS 6.22.
Cite a single "remote vulnerability exploit in the wild" against MS-DOS 6.22. You can't, go ahead, I dare you. With Windows I have to worry about hackers writing remote exploits, but with MS-DOS 6.22 none exist at all. MS-DOS 6.22 is therefore more secure than Windows NT 5.x.
This argument is so incredibly stupid, because MS-DOS 6.22 is a dead operating system that hasn't been in use for over 10 years, while Mac OS X represents at least 15% of the world's computers with 18 million OS X users and growing, according to IDC. That's a very large segment of the population that you claim is vulnerable yet sees no viruses or trojans, even with no antivirus software and a firewall off by default. You are really getting desperate now.
By the way, cite a remote exploit for Windows XP SP2.
IE flaw puts Windows XP SP2 at risk
Windows Metafile Format vulnerability
XP SP2 Firewall bug
More Internet Explorer vulnerabilities that bypass SP2 security features
Hell, just do a Google search for "XP SP2 remote exploit," because I could go on and on and on here. It's pointless.
It's called an inbound firewall, and any OS with one, which isn't being used as a server, can't have a remote exploit in the sense you require.
What a stupid claim. A firewall means nothing if there's another vector of attack. For instance, a flaw in WMF or a zero-day exploit in Microsoft Word that owns your system just by opening a file.
This makes the number of remote exploits an absurd metric for desktop computer security. What about number of vulnerabilities / number of users? Who do you think would have the largest ratio out of Apple and Microsoft given this more sensible metric?
Well, according to the numbers, that would be Microsoft. But you're wrong in claiming exploits are an absurd metric (amusingly, after you spent so many posts focusing on them). The fact remains that OS X's inherent security model stops any security flaws from being exploited remotely and spreading to other users through the Internet.
I notice you ignored all other points I raised. I acknowledge your lack of counterarguments, and I suspect that next time, you'll do better research before you begin citing poor examples for your claims.
Next. -
Re:Philosophy of pick-your-poison
Apple is not new in the marketplace, but I wouldn't call NeXTSTEP (Jobs's baby) an Apple product. They are relatively new, as I said, in relation to WinXP and Linux 2.x. OSX was not merely an incremental upgrade from their previous OS's.
To say they have "a lot of bugs to shake out," does them a disservice and only furthers the FUD. Define "a lot" and compare it to the bugs on all the other platforms.
Gladly, and your argument will partially stand up. Remember, though, bugs are often found by users. Virtually ALL OS's go through a phase where huge numbers of security issues are found. I say they have a lot of bugs to shake out because of this newness, and I admit that's my conjecture. I would put a lot of cash that says several more serious bugs will be filtering in over the next year.
Here are some statistics. I wasn't meaning to further the FUD, either. You'll see that, so far, Apple is doing merely "okay". And this is exactly why I was saying you have to judge the bugs by the impact, not just the sheer number of them.
Scroll to the bottom for impact graphs
OSX graphs
winXP pro graphs
linux 2.6 graphs
Note these are not "out of the box" configurations, but merely reports of security holes. So I couldn't provide "default" security status. -
Re:translation
What about zero advisories after one year from the initial release? http://secunia.com/product/6782
-
SQL Server 2005 has zero published security bugs.
Yes, because it's hard to compare against Microsoft SQL Server 2005's ZERO PUBLISHED SECURITY BUGS. That's right folks, Secunia have listed no security vulnerabilities in Microsoft SQL Server 2005 at all.
(For comparison, Oracle 10g's entry, with six hits from 2006, one of which they list as unpatched and another as partially patched. 13 advisories overall.) -
Secunia verdict: FF still more secure than IE
The clock is ticking... will Firefox beat IE's response time?
According to Secunia, IE7 has more severe bugs unpatched; the most severe also affects IE6 and has been known since 2006-10-30
http://secunia.com/product/12366/?task=advisories_2006
http://secunia.com/product/12434/?task=advisories_2006 -
Re:yes...
http://blogs.msdn.com/ie [for the good] ie team blog
http://secunia.com/product/12366/ [for the bad] ie7 vulnerability report
http://www.microsoft.com/windows/ie/community/ [for the both] ie community page
-
Re:2.0 Good reasons to switch to Opera
"Alright, netcraft showed that Apache was the dominant webserver, yet the webserver that gets exploited the most is IIS -- This could be the case with other Microsoft software if they were put into that situation."
IIS blows Apache away wrt security, what are you talking about?
Here are the security advisories for IIS6 and Apache2, since 2003 (the year that IIS6 was released):
IIS6 security advisories
Number of security advisories: THREE (You read right, just THREE).
Two were rated as "Moderately Critical", the other rated as "Not Critical".
All three have been patched.
Apache 2 security advisories: http://secunia.com/product/73/?task=statistics
Number of security advisories: 31
3% were "Highly Critical", 32% "Moderately Critical", 55% "Less Critical", and 10% "Not Critical".
10% are unpatched today, and another 3% have a "Partial Fix".
Slashdotters love to trot out the "axiom" that "Apache is more secure than IIS", and then base conclusions on it. Well guess what, your "axiom" is false. So you'd best cease trying to prove things based on it.
(BTW, only someone engaging in sophistry would assert that market share is irrelevant to number of attacks. Someone living isolated in the woods can leave his cabin completely unlocked and still be less subject to burglaries than someone living in the city with his house locked up tight.) -
Re:Because, of course, Windows Firewall is awesome
Considering the number of security alerts concerning ZoneAlarm compared to the ones concerning Windows Firewall I would not be so proud...
Yeah because there are so many vulnerabilities in ZoneAlarm. </sarcasm> -
Freedom ought to be more valued.
An anonymous reader writes (and /. copies into the lead-up to this story):
SecurityFocus reports an unpatched highly critical vulnerability in Firefox 2.0. This defect has been known since June 2006 but no patch has yet been made available. The developers claimed to have fixed the problem in 1.5.0.5 according to Secunia, but the problem still exists in 2.0 according to SecurityFocus (and I have witnessed the crash personally).
When I tried the link in the article Secunia points to as an exploit of that bug, I see that it tells me there are two testcases, one of which was fixed in Firefox 1.5.0.7 and 2.0 and the other is called "a denial-of-service condition that is an annoyance, but is not exploitable to compromise your system" but remains unfixed.
If security is the main reason users should switch to Firefox, how do we explain known vulnerabilities remaining unpatched across major releases?
This is the more important of the two questions and the easier to answer: security is not the main reason users should switch to any free software web browser (including, but not limited to, Firefox). Users should switch to a free software browser because users should switch to free software, and browsers are an important part of modern-day computing. Despite Mozilla's focus on "open source" values (speedy development, fewer bugs, other values that are designed to appeal chiefly to business managers) which are sometimes simply lies (as one can see with the bug that the anonymous poster brings up here), that's not the reason to value any free software. One ought to value Firefox as a contribution to a free society where people can treat friends as friends and build communities who share without having to do so in the dark in fear of being discovered as copyright infringers. Mozilla won't tell you this; they're too busy pushing aside software freedom for its own sake to talk about this. It's unfortunate they have not taken any time to teach their audience this while Microsoft worked on MSIE7. Ironically, software freedom is the one thing Firefox will always have over MSIE for as long as Firefox remains free software and MSIE remains proprietary; technical features can be reimplemented and even patented to prevent competition, but software freedom is something no proprietor can deliver. Catering to businesses who distribute free software can be helpful but such interests remain shallow.
-
Re:This old exploit still crashes v2.0.
NoScript of course easily thwarts this, truly my favorite plugin for Firefox for a reason. It's amazing how many sites want Java but don't need it to function correctly. Most of what they're trying to unleash on you is various flavors of popups and other such unwanted nonsense.
All that being said, it's pretty ridiculous that Firefox 2.0 is still vulnerable to this. I can see why the Deb people would want to develop Iceweasel. Still, this bug is young compared to all these vulnerabilities from 2004 in IE6 (yes, and 7 also): http://secunia.com/product/11/?task=advisories -
Security
One of IE7's revolutionary features was supposed to be security, although it took less than 24 hours for Secunia to post an advisory about a security hole. Moreover, the bug seemed to be carried over from as early as IE5.5. What approach did you take to improve browser's security, and how come the vulnerabilities have been carried over?
-
Re:Firefox
ok, here you go: http://secunia.com/advisories/12580/
-
Re:Its not true
That's not actually what they're doing. Try connecting to that address. Here's what you get:
Trying 213.150.41.226...
Connected to secunia.com.
Escape character is '^]'.
GET /ie_redir_test_1 HTTP/1.1
Host: www.secunia.com
Connection: close
HTTP/1.1 302 Found
Date: Thu, 19 Oct 2006 19:30:39 GMT
Server: Apache
location: http://secunia.com/ie_redir_test_1
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
0
They're sending an HTTP redirect, and the browser's following it. It will then send the cookies for the redirected URL to the server, and the server will return data expecting it to go into its own security context. This does allow data stealing. -
Re:Old exploit
That is why Firefox is my primary browser
Me too. Firefox does not let their browser go unpatched.
-
Re:Firefox
I believe he might be referring this one: http://secunia.com/advisories/20442/
-
Re:Opera doesn't want to feel left out
http://secunia.com/product/4227/?task=statistics reports that Firefox 1.x has 36 advisories (3% of them are extremely critical), Opera 8 has only 15 advisories (0% extremely critical), and Opera 9 has only 2, one high and one moderate. So shut your mouth as it is the safest and fastest browser on earth.
-
Re:Firefox
you'll be hard pressed to find a vulnerability in FF that has been known for years and still gone unfixed
Stealing from another post, how about this and this? -