Full Disclosure mailing list archives

RE: IE is just as safe as FireFox

From: "Rafel Ivgi, The-Insider" <rivgi () finjan com>
Date: Thu, 14 Oct 2004 07:20:20 +0200

And whom do you think found those holes...  :-)
Its all my work, and there is plenty more at MS...just unpublished...and more comng for SP1 too...
You will see...


Rafel Ivgi, The-Insider
Security Consultant 
Malicious Code Research Center (MCRC)
Finjan Software LTD
E-mail: rivgi () Finjan com
---------------------------------
Prevention is the best cure!


From: Todd Towles (toddtowlesbrookshires.com)
Date: Fri Nov 12 2004 - 14:58:56 CST 

  a.. Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] 

--------------------------------------------------------------------------------

I don't know about you Rafel, but I know people in your company think XP 
SP2 is full of holes also. =) 


"Ten new security holes in Windows XP Service Pack 2 have been 
discovered, so get ready to insert new patches into your patch 
management schedule. Microsoft recently announced their Security 
Bulletin Advance Notification Program, which gives administrators a 
several days advance notice of upcoming patches, however these new 
security holes were announced by security product maker Finjan 
Software." 


http://www.winnetmag.com/Windows/Article/ArticleID/44502/Windows_44502.h 
tml 


Great ten more patches they won't released for Windows XP Gold or 
Windows 2000.... 


I think the founder of Finjan is speaking my language as well... 


Shlomo Touboul, CEO and Founder of Finjan Software, said "Windows XP SP2 
operating system is a continuation of the same Windows XP Operating 
System and Windows Kernel. All Windows versions have been developed with 
requirements for highest backward compatibility and open architecture, 
with maximum productivity and ease of use. In addition, Windows 
applications typically run with administrative permission with full and 
unlimited access to computer resources." 


Sound familiar? 


-Todd

Rafel Ivgi, The-Insider 
Security Consultant 
Malicious Code Research Center (MCRC) 
Finjan Software LTD 
E-mail: rivgiFinjan.com 
--------------------------------- 
Prevention is the best cure! 
----- Original Message ----- 
From: <Colin.Scottcsplc.com> 
To: <full-disclosurelists.netsys.com> 
Sent: Friday, November 12, 2004 12:46 PM 
Subject: Re: [Full-disclosure] IE is just as safe as FireFox 


Oh yeah, I've got 14,000 Windows 2000 machines to update to 
windows XP SP2, 
hang on wheres that CD? 

So thanks for your infinate wisdom there Rafel. 

Colin. 










"Rafel Ivgi, 
The-Insider" 
<theinsider012.n To 
et.il> <full-disclosurelists.netsys.com> 
Sent by: cc 
full-disclosure-a 
dminlists.netsys Subject 
.com Re: [Full-Disclosure] IE is just as 
safe as FireFox 
12/11/2004 06:44 



That is incorrect, there is a fix --> SP2. 
Users should use the latest updated system, meaning if there 
is an SP2, 
they 
should install it. 


Rafel Ivgi, The-Insider 
Security Consultant 
Malicious Code Research Center (MCRC) 
Finjan Software LTD 
E-mail: rivgiFinjan.com 
--------------------------------- 
Prevention is the best cure! 
----- Original Message ----- 
From: "Martin Mkrtchian" <dotsecuregmail.com> 
To: "Todd Towles" <toddtowlesbrookshires.com> 
Cc: "Mailing List - Full-Disclosure" 
<full-disclosurelists.netsys.com>; 
<ring-of-fireyahoogroups.com> 
Sent: Friday, November 12, 2004 3:03 AM 
Subject: Re: [Full-disclosure] IE is just as safe as FireFox

They should've at least released that statement after they

fixed the

IE FRAME vulnerability. 0 day exploit is in the wild and no fix for 
it, yet they claim its secure enough. 

If the programmers are as smart as the company press

releasers, I can

see why I.E. still sux. 


Martin 


On Thu, 11 Nov 2004 15:59:20 -0600, Todd Towles 
<toddtowlesbrookshires.com> wrote:

Microsoft's security and mangement product manager (Ben English)

says...


At a security roundtable discussion in Sydney on

Thursday, Ben English,

Microsoft's security and management product manager, told

attendees 
that

IE undergoes "rigorous code reviews" and is no less

secure than any

other browser. 

"Because IE is ubiquitous, you hear a lot more about it,

but I don't

think that Internet Explorer is any less secure than any

other browser

out there," English said.

http://news.com.com/Microsoft+says+Firefox+not+a+threat+to+IE/ 
2100-1032_

3-5448719.html?part=dht&tag=ntop&tag=nl.e433 

Can anyone say IFRAME? Lol 

-Todd 

_______________________________________________ 
Full-Disclosure - We believe in it. 
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________ 
Full-Disclosure - We believe in it. 
Charter: http://lists.netsys.com/full-disclosure-charter.html







************************************************************** 
************************ 

This e-mail is confidential and may contain privileged 
information. If you 
are not the addressee or if you have received the e-mail in 
error, it may 
be unlawful for you to read, copy, distribute, disclose or 
otherwise use the 
information which it contains. Under these circumstances, 
please notify 
us immediately by returning this mail to 
'mailerrorcsplc.com' and deleting 
this e-mail from your system. 

Any views expressed by an individual within this e-mail do 
not necessarily 
reflect the views of Cadbury Schweppes Plc or its 
subsidiaries. Cadbury 
Schweppes Plc will not be bound by any agreement entered into 
as a result 
of this email, unless its intention is clearly evidenced in 
the body of the 
email. 
Whilst we have taken reasonable steps to ensure that this e-mail and 
attachments are free from viruses, recipients are advised to 
subject this 
mail 
to their own virus checking, in keeping with good computing 
practice. Please 
note that email received by Cadbury Schweppes Plc or its 
subsidiaries may be 
monitored in accordance with the prevailing law in the United Kingdom. 

************************************************************** 
************************ 

_______________________________________________ 
Full-Disclosure - We believe in it. 
Charter: http://lists.netsys.com/full-disclosure-charter.html 

_______________________________________________ 
Full-Disclosure - We believe in it. 
Charter: http://lists.netsys.com/full-disclosure-charter.html



_______________________________________________ 
Full-Disclosure - We believe in it. 
Charter: http://lists.netsys.com/full-disclosure-charter.html 

-----------------------------------------------
This message was scanned for malicious content and viruses by Finjan Internet Vital Security 1Box(tm)

Current thread:

Re: IE is just as safe as FireFox, (continued)
- - - Re: IE is just as safe as FireFox Valdis . Kletnieks (Nov 12)
- RE: IE is just as safe as FireFox Todd Towles (Nov 12)
- RE: IE is just as safe as FireFox Todd Towles (Nov 12)
  - Re: IE is just as safe as FireFox William Warren (Nov 12)
  - RE: IE is just as safe as FireFox joe (Nov 15)
    - RE: IE is just as safe as FireFox Eric Paynter (Nov 16)
    - RE: IE is just as safe as FireFox joe (Nov 17)
- Re: IE is just as safe as FireFox WB (Nov 12)
  - Re: IE is just as safe as FireFox Curt Purdy (Nov 14)
- RE: IE is just as safe as FireFox Todd Towles (Nov 12)
- RE: IE is just as safe as FireFox Rafel Ivgi, The-Insider (Nov 13)
- RE: IE is just as safe as FireFox Stuart Fox (DSL AK) (Nov 15)
  - Re: IE is just as safe as FireFox stephane nasdrovisky (Nov 16)
    - RE: IE is just as safe as FireFox joe (Nov 17)
  - IE is just as safe as FireFox Raoul Nakhmanson-Kulish (Nov 18)
    - Message not available
    - Re: IE is just as safe as FireFox Raoul Nakhmanson-Kulish (Nov 18)
    - Message not available
    - Re: IE is just as safe as FireFox Raoul Nakhmanson-Kulish (Nov 18)
    - Message not available
    - Re: IE is just as safe as FireFox Raoul Nakhmanson-Kulish (Nov 19)
    - RE: IE is just as safe as FireFox joe (Nov 19)
    - Re: IE is just as safe as FireFox Vincent Archer (Nov 19)
    - Re: IE is just as safe as FireFox bkfsec (Nov 20)

(Thread continues...)