Dailydave mailing list archives

Real Security


From: Dave Aitel <dave () immunityinc com>
Date: Sat, 20 Oct 2007 12:34:19 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We released a reliable exploit for the new RealPlayer bug into CANVAS
Early Updates this morning which makes me wonder why NASA retracted
their request for all their contractors and employees to use Firefox
instead of IE, instead asking them to just uninstall RealPlayer.[1]  I
thought the original request made a lot of sense: If the employees
stop using IE, they don't have to worry about the next big ActiveX
vulnerability. And it's something you can easily block at the gateway
of your organization: just filter on UserAgent.

In any case, it was more ballsy than you'd expect from a big
government organization.

- -dave

[1] http://www.infosecblog.org/2007/10/nasa-bans-ie.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHGi4JB8JNm+PA+iURAlsgAJ90fAuWJS0GcKNHFTcXP5JpnDBdUQCfSDJk
x4BFwUoF1anZEy1H+x6Iz48=
=ww/j
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
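
An added example, not part of the original post: one way the gateway-side User-Agent filter mentioned above could classify requests. The log layout, sample lines and function names are constructed for illustration. The User-Agent header is supplied by the client, so a check like this enforces browser policy for cooperating clients only, and Opera builds of that era that include an MSIE token are handled separately.

```python
import re

# Constructed sample gateway log lines (assumed layout):
# client IP, "request", status, "User-Agent"
SAMPLE_LOG = '''\
10.0.0.11 "GET http://example.org/ HTTP/1.1" 200 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
10.0.0.12 "GET http://example.org/ HTTP/1.1" 200 "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.8) Gecko/20071008 Firefox/2.0.0.8"
10.0.0.13 "GET http://example.org/ HTTP/1.1" 200 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.24"
10.0.0.14 "GET http://example.org/ HTTP/1.1" 200 "-"
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<req>[^"]*)" (?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)
IE_TOKEN = re.compile(r'\bMSIE \d')        # Internet Explorer version token
OPERA_TOKEN = re.compile(r'\bOpera[ /]\d')  # Opera may also carry an MSIE token


def classify(ua):
    """Return 'deny' for IE, 'review' for a missing UA, otherwise 'allow'."""
    if ua in ("", "-"):
        return "review"  # no header sent: leave the decision to local policy
    if IE_TOKEN.search(ua) and not OPERA_TOKEN.search(ua):
        return "deny"
    return "allow"


def evaluate(log_text):
    """Classify every log line; unparseable lines are flagged for review."""
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            results.append((None, "review"))
            continue
        results.append((m.group("ip"), classify(m.group("ua"))))
    return results


if __name__ == "__main__":
    for ip, verdict in evaluate(SAMPLE_LOG):
        print(ip, verdict)
```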

