Re: Firefox bugs

["Dave Aitel" <dave.aitel () gmail com>]

Web bugs are not code executing on your computer. Typically they're not even
javascript, just an embedded image or audio file that loads from a remote
site. Spyware is code executing on your computer.

I'm going to say though, I do think weev has 30 Javascript bugs in Mozilla.
The question for Window Snyder is "What are you going to do about it?" Is
Firefox at least compiled with /Gs these days (or pro-police (what's the
current best GCC flag?) on Linux/OS X? Does Mozilla help Novell install
their application profile stuff? Does Mozilla have a certified SELinux
profile? Making browsing safe is a hard job and there's a lot Mozilla can
do. $500 bucks a bug is not it.

I think it's extra special funny that someone from SixApart's LiveJournal
was giving a talk with someone from Bantown, who did the big LiveJournal
attack a while back.

(see
http://blog.washingtonpost.com/securityfix/2006/01/account_hijackings_force_livej.html
)

What's next? Spammers working with anti-spam companies? :>

-dave

On 10/3/06, Alexander Sotirov <asotirov () determina com> wrote:
> Dave Aitel wrote:
> > Anyways, our congresscritters think that SPYWARE==WEB BUG. And it's
> > not true. Someone needs to call them and explain it slowly.
>
> How is a web bug not spyware? Or are you saying that spyware is more than
> just
> web bugs?
>
> Alex
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave