P
Pop Rivet
vulnerabilities that IE brings toDavid H. Lipman said:
The key word being "has", which is past tense. Keep
reading.
reading.
P
Pop Rivet
Another neandertal heard from.
G
Gabriele Neukam
On that special day, , ([email protected]) said...
Fixed by now
http://bugzilla.mozilla.org/show_bug.cgi?id=253121
They're *fast*
Gabriele Neukam
(e-mail address removed)
Ah! A fairly recent Firefox cache issue. Well, that's something. I
guess
Fixed by now
http://bugzilla.mozilla.org/show_bug.cgi?id=253121
They're *fast*
Gabriele Neukam
(e-mail address removed)
P
Pop Rivet
Frederic Bonroy said:
No, IE has been defraulted to its most functional states.
The fact that you CANNOT do things with those other browsers
makes them undesirable IMO, and if I want THAT kind of
capability, it's readily available in IE. Why would I want
to use something crippled like that? I'll bet that at the
same time you deride IE, you also still go out ande buy the
latest OS, PC, and peripherals just because they exist: As
in, progress for the sake of progress? That kind of
attitude is actually a wart on the ass of progress to put it
succinctly.
Shortly, you are going to notice that the tide is turning
to other browsers too as the bad boys & kiddies become more
and more proficient and looking to make names for
themselves. Can you imagine the paper headlines and the
pride that kiddie will feel? It'sstarting: Stand by.
P
Pop Rivet
"Beauregard T. Shagnasty" <[email protected]>
wrote in message
LOL! Really! You couldn't do that with a setting
somewhere?
wrote in message
LOL! Really! You couldn't do that with a setting
somewhere?
P
Pop Rivet
....
default, but at the same time, it should be obvious what it
is for, and how to turn it "on" or "off", which it isn't. I
wonder why IE doesn't have "Profiles" so you can easily
switch from "all on" to "mimic the cripples"; that would be
handy. I imagine it's all marketing decisions, not really
MS's forte.
Pop
Now, that I can agree with; ActiveX should not be enabled by
default, but at the same time, it should be obvious what it
is for, and how to turn it "on" or "off", which it isn't. I
wonder why IE doesn't have "Profiles" so you can easily
switch from "all on" to "mimic the cripples"; that would be
handy. I imagine it's all marketing decisions, not really
MS's forte.
Pop
P
Pop Rivet
If you mean what you said here, I feel sorry for you; you
can't read. I don't really care whether you can "reconcile"
it or not - you've now made our "no-visit" lists due to your
closed mindedness. You'll never miss us, we're small, but
you'll also never see any of us there. When we surpass
1,000 hits/day consistantly, I'll come back and give you the
URL.
Cheers,
Pop
B
Beauregard T. Shagnasty
Quoth the raven Pop Rivet:
This IS a setting.
It's a new pref. You could type the few words, or you could download
the 11MB version. Your choice.
This IS a setting.
It's a new pref. You could type the few words, or you could download
the 11MB version. Your choice.
N
null
G
Gabriele Neukam
On that special day, Pop Rivet, ([email protected]) said...
What's that? A freudian slip towards frauded setups?
Not for me. I don't need no stinking ActiveX, Jscript or RealPlayer. Or
Flash.
What if I don't want that virus/trojan capa/compatibility?
I just do it. I didn't get Korgos or hijacked startpage sites.
I am currently writing on a PII 400 MHz with Windows 98 First Edition,
and it works just fine, with an exchanged hard drive, an additional one,
a cdrom exchanged for a dvd drive, an additional cd burner, a slightly
larger video card, an additional Realtek, and a *very* reliable intel BX
chipset. Why should I ask for more, if I don't play with realtime
shooters or driver simulations?
Yes, it is a bit slow for recent RPGs, and I will replace it within the
next months.
When XP is available with Service Pack2. Not sooner. When XP came out,
Bill Gates claimed that it was the most secure Windows ever made. Until
Blaster came and leveled his card house. And it didn't get any better
afterwards.
If you are in favour of progress generally, are you also in favour of
better nuclear weapons? Genetically enhanced babies? Cloned politicians?
A RFID'd life from birth to bier? Or is there a moment which makes you
stop and say: I don't think that *this* "progress" will make my life
really better, after all?
a. It is way more difficult to get local authority on the machine, if
ActiveX cannot be exploited.
b. The alternative browsers aren't too interesting, because they are
used by few people, and these people are a bit more safety aware than
the average John Doe user.
c. Trying to spread malware by *these* means would result in a *very*
low impact, and low impact obstructs the aimed at goal: to achieve
public attention because the programmer's "baby" managed to harm
$bigcompany.
d. recent programmers aren't only kiddies that want to raise attention;
more and more of them sell their "services" (mostly installed relays and
trojans) to spammers and other internet abusers, for the *money*. A low
distribution of $malware doesn't yield high profits, so why should they
try to infect machines that browse with non-IE applications? The
default, uninformed IE user is a much easier target, and there are
zillions out there to be exploited.
Randex was created to sell the victims to a spammer. The creator
confessed that to a German student in a chat.
Where there is interest, there will be business. I don't want to get
caught in that kind of "business". There are by sure areas in your home
town, where you won't walk at night, if don't really have to. I see IE
as such a red light area.
Gabriele Neukam
(e-mail address removed)
What's that? A freudian slip towards frauded setups?
Not for me. I don't need no stinking ActiveX, Jscript or RealPlayer. Or
Flash.
What if I don't want that virus/trojan capa/compatibility?
I just do it. I didn't get Korgos or hijacked startpage sites.
I am currently writing on a PII 400 MHz with Windows 98 First Edition,
and it works just fine, with an exchanged hard drive, an additional one,
a cdrom exchanged for a dvd drive, an additional cd burner, a slightly
larger video card, an additional Realtek, and a *very* reliable intel BX
chipset. Why should I ask for more, if I don't play with realtime
shooters or driver simulations?
Yes, it is a bit slow for recent RPGs, and I will replace it within the
next months.
When XP is available with Service Pack2. Not sooner. When XP came out,
Bill Gates claimed that it was the most secure Windows ever made. Until
Blaster came and leveled his card house. And it didn't get any better
afterwards.
If you are in favour of progress generally, are you also in favour of
better nuclear weapons? Genetically enhanced babies? Cloned politicians?
A RFID'd life from birth to bier? Or is there a moment which makes you
stop and say: I don't think that *this* "progress" will make my life
really better, after all?
a. It is way more difficult to get local authority on the machine, if
ActiveX cannot be exploited.
b. The alternative browsers aren't too interesting, because they are
used by few people, and these people are a bit more safety aware than
the average John Doe user.
c. Trying to spread malware by *these* means would result in a *very*
low impact, and low impact obstructs the aimed at goal: to achieve
public attention because the programmer's "baby" managed to harm
$bigcompany.
d. recent programmers aren't only kiddies that want to raise attention;
more and more of them sell their "services" (mostly installed relays and
trojans) to spammers and other internet abusers, for the *money*. A low
distribution of $malware doesn't yield high profits, so why should they
try to infect machines that browse with non-IE applications? The
default, uninformed IE user is a much easier target, and there are
zillions out there to be exploited.
Randex was created to sell the victims to a spammer. The creator
confessed that to a German student in a chat.
Where there is interest, there will be business. I don't want to get
caught in that kind of "business". There are by sure areas in your home
town, where you won't walk at night, if don't really have to. I see IE
as such a red light area.
Gabriele Neukam
(e-mail address removed)
J
Jeffrey A. Setaro
On Wed, 28 Jul 2004 15:49:31 GMT, (e-mail address removed) wrote:
[Snip]
Apparently you didn't actually read it... If had you know that it
describes how to stop ActiveX controls from running in Internet
Explorer. Something you can by modifying the data value of the
Compatibility Flags DWORD value for the Class identifier (CLSID) of
the ActiveX control.
You don't need any third party software... Just download the .reg file
and import it.
[Snip]
Did you actually read the US-CERT vulnerability note or are you just
repeating what's been reported by the media?
US-CERT recommend several risk mitigation steps
1) Disable Active Scripting & ActiveX
2) Apply the Outlook E-mail Security Update
3) Read and send e-mail in plain text
4) Maintain updated anti-virus software
5) Don't follow unsolicited links
6) Use a different browser
It's also worth note the Windows XP service pack 2 makes change to the
Local Machine Zone that should fix specific conditions US-CERTs
vulnerability note deals with.
You find the full vulnerability note @
<http://www.kb.cert.org/vuls/id/713878>
Cheers-
Jeff Setaro
jasetaro@SPAM_ME_NOT_mags.net
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34
[Snip]
Apparently you didn't actually read it... If had you know that it
describes how to stop ActiveX controls from running in Internet
Explorer. Something you can by modifying the data value of the
Compatibility Flags DWORD value for the Class identifier (CLSID) of
the ActiveX control.
You don't need any third party software... Just download the .reg file
and import it.
[Snip]
Did you actually read the US-CERT vulnerability note or are you just
repeating what's been reported by the media?
US-CERT recommend several risk mitigation steps
1) Disable Active Scripting & ActiveX
2) Apply the Outlook E-mail Security Update
3) Read and send e-mail in plain text
4) Maintain updated anti-virus software
5) Don't follow unsolicited links
6) Use a different browser
It's also worth note the Windows XP service pack 2 makes change to the
Local Machine Zone that should fix specific conditions US-CERTs
vulnerability note deals with.
You find the full vulnerability note @
<http://www.kb.cert.org/vuls/id/713878>
Cheers-
Jeff Setaro
jasetaro@SPAM_ME_NOT_mags.net
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34
F
Frederic Bonroy
Pop said:
For you. Not for the security-conscious person that I am. I don't need
ActiveX. I have never needed it. The same goes for VBScript. We had
JavaScript already. What did we need VBScript for?
No. XP has been out for almost three years and I have been using 2000
since January only; I used 98 SE before that. And I would still be using
98 if I hadn't been able to acquire 2000 for free (legally). And I had
to get rid of my Pentium III 500 to do someone a favor (sounds weird,
but you will just have to believe me). That's why I have a fast Athlon
now. I probably wouldn't have bought it otherwise.
I have absolutely no intention to switch to XP because I consider it to
be the worst piece of miserable shit that has ever seen the light of the
day (after IE). Perhaps I will have to switch one day, when 2000 becomes
too obsolete. But I dread that day.
Assuming that Mozilla based browsers will become more popular in the
future, they will obviously be targetted more frequently by the bad
boys. That doesn't change the fact that IE is *inherently* less secure
than alternative browsers and that we will very probably see fewer
problems with them.
N
null
You don't have a clue. There's nothing new about the alternate
browsers at all. I was using Netscape (which is based on earlier
builds of Mozilla) back in the Win 3.1 days. Opera isn't new. My OS
isn't new. And I know Frederic's isn't either. I ran Win 98 with IE
eradicated for years and never missed that piece of junk once. What
good is a browser that you have to keep scripting and activex disabled
because of endless unpatched vulnerabilities? And who wants to play
the silly IE patchwork roulette game? With Mozilla, the rare
vulnerabilities have been found and fixed before the bad guys get a
chance to exploit them. Yes, it is a good idea to use the latest
released version. But that's about it.
That's a tired old argument that doesn't hold water for many reasons.
The fact is that most users are far better off using a alternate
browser that's reasonably secure right out of the box.
Art
http://www.epix.net/~artnpeg
F
Frederic Bonroy
Jeffrey said:
Whose fault is that? Is Mozilla buggy, or are the pages just badly written?
Well, that's interesting. As far as I am concerned, Opera is lying on my
hard disk just as a back-up in case Mozilla won't work for some reason.
I found it way too annoying and unstable in day-to-day use.
By the way, Opera releases security updates quite often - more often
than Mozilla.
J
Jeffrey A. Setaro
Both... Some of the problems come from the way Mozilla's developers
have chosen to implement certain "standards".
As an aside when I look at the logs for the web site I manage and see
95 to 99 percent of the hits come from IE there's very little
incentive from me to support other browsers.
Don't get me wrong they both have problems... Opera so has done a
better job of rendering pages that Mozilla chokes on. Unfortunately I
have a couple of sites I use fairly regularly that just won't render
properly in anything other than IE.
Cheers-
Jeff Setaro
jasetaro@SPAM_ME_NOT_mags.net
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34
F
Frederic Bonroy
Jeffrey said:
It's a vicious circle. If you don't want to support other browsers,
people won't use them. And if they don't use them, you won't want to
support them. The way out of this dilemma is standards compliant HTML.
If a browser won't work with compliant HTML then you and your visitors
have a good reason to shun it.
J
Jeffrey A. Setaro
[Snip]
And how many users have upgraded to more recent releases? The same
people who are have problems IE being hijacked are the same people who
would be running exploitable versions Mozilla... They the people who
don't bother installing patches and regularly do stupid stuff like
cruising around the seedy underbelly of the net looking for free porn,
or blindly double-click anything you put in front of them.
The biggest security problem we face isn't crappy software it's
clueless users... Send a day manning the help desk any decent sized
enterprise you'll be amazed at the spectacularly stupid things users
can do!
Cheers-
Jeff Setaro
jasetaro@SPAM_ME_NOT_mags.net
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34
J
Jeffrey A. Setaro
On Wed, 28 Jul 2004 21:24:10 +0200, Frederic Bonroy
[Snip]
Who's standards the World Wide Web consortium's, Microsoft's,
Mozilla's? Part of the problem that browser developers have
implemented the standards slightly differently ways or have
implemented their own version of the standard or chosen to add
extensions to the standard that only work in their browser.
Creating a modern web site with all the bells and whistles that
renders properly in all browsers isn't a simple task and in some case
the client doesn't want to pay for the other one percent.
Cheers-
Jeff Setaro
jasetaro@SPAM_ME_NOT_mags.net
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34
[Snip]
Who's standards the World Wide Web consortium's, Microsoft's,
Mozilla's? Part of the problem that browser developers have
implemented the standards slightly differently ways or have
implemented their own version of the standard or chosen to add
extensions to the standard that only work in their browser.
Creating a modern web site with all the bells and whistles that
renders properly in all browsers isn't a simple task and in some case
the client doesn't want to pay for the other one percent.
Cheers-
Jeff Setaro
jasetaro@SPAM_ME_NOT_mags.net
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34
F
Frederic Bonroy
Jeffrey said:
Well, not the proprietary standards. Isn't that an oxymoron? ;-)
B
Bart Bailey
If IE were to re-bulb itself with red ones, the casual user might be a
bit warned, but it's instead all lit up like a car dealership, with
pennants fluttering, suggesting the epitome of transportation
excellence, yet none of the airbags are functional, nor do any of the
cars even have bumpers. <g>