Full Disclosure mailing list archives
Re: Microsoft and Security
From: William Warren <hescominsoon () emmanuelcomputerconsulting com>
Date: Tue, 29 Jun 2004 11:36:08 -0400
i am not having a lonely browsing experience...all the security sites i visit work just fine. I must be missing some. I missed the security researcher's list of sites that did not work in anything but ie. What was the thread title and i will happily search the archives..find it..and test the findings as well..:)
Ron DuFresne wrote:
On Mon, 28 Jun 2004, William Warren wrote:

Frankly if i hit a site that does not work in mozilla..i email the webmaster..if they are unable or unwilling to support mozilla then i simply do not go to that site anymore..:)

Which can leave you with a lonely web-browsing experience. I recall a well known security researcher/expert not too long ago in the past giving up on his stance of avoiding security related sites that relied upon content that was potentially unsafe. He soon found there were few security sites he could actually browse. There are a number of applications that are IE centric as well, applications that often end up in corporate env's...

Thanks,
Ron DuFresne

Nancy Kramer wrote:

There are lots of sites written only for IE or clones of IE like Opera. Some large sites are written only for late model IEs. Many are from large companies. Big business thinks MS is the state of the art and the only way to go for business. You have a choice do it their way or don't get the benefits of their web site. They play to the user who has AOL, uses only IE and Outlook with all the defaults on because if MS does it it must be right and they really have no interest in changing things or knowing about them.

People believe they are protected by big companies like MS. They are fools but then like a friend of mine always says "business people are stupid". They believe that the US government should protect them from hackers and spam. That cannot be done but they don't understand that and neither do the US legislators.

Regards,
Nancy Kramer
Webmaster
http://www.americandreamcars.com
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car on the Web

At 05:23 PM 6/28/2004, Burnes, James wrote:

Well, this is a predictable, but interesting quote from IDefense...
[IDefense linked the malicious attacks to a group by a different name called the hangUP team, also from Russia and also believed to be responsible for the recent string of Korgo worms, Dunham said. "These are hackers for hire and they commoditize every piece of information they capture. This was a very complicated and sophisticated attack," he said.

Security experts were still trying to determine Friday how IIS servers were compromised and whether applying the latest patches for IIS and Internet Explorer would protect users from the attacks. "My gut feeling is (patching) doesn't protect you," Dunham said. "If I were a home user, I'd consider using another Web browser, like Mozilla, until a patch comes out," he said.]
(nwfusion - 06/25/2004)

Well, of course. But why go back to IE unless someone wrote apps that only run on IE and what's the point of that. Might as well write them in VB.

jim burnes
security engineer
great-west, denver

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of http-equiv () excite com
Sent: Friday, June 25, 2004 9:41 AM
To: bugtraq () securityfocus com
Cc: NTBugtraq () listserv ntbugtraq com; full-disclosure () lists netsys com
Subject: [Full-disclosure] Microsoft and Security

Where is Microsoft now "protecting their customers" as they love to bray? Should not someone in authority of this public company step forward and explain themselves at this time?

All of a sudden panic is being created across the WWW with "IIS Exploit Infecting Web Site Visitors With Malware", "Mysterious Attack Hits Web Servers", "Researchers warn of infectious Web sites" all stemming from all news accounts from an unpatched "problem" with Internet Explorer now two weeks old and counting, which in fact in reality stems from 10 months ago, that being the adodb.stream safe for scripting control with write capabilities.

What exactly is being done about this? Nothing.
What does multiple billions of dollars buy you today. Nothing. However for $20 million you can almost fly to the moon.

Someone ought to step forward and explain what exactly is happening at this public company. The great "protector of their customers". One might even suggest that their entire "security" mandate be re-examined. What exactly do they consider a vulnerability? Something that suits them or something that's cost effective to fix. So what, a few people lose their identities, have a few dollars extracted from their bank accounts, have their home pages reset, we'll fix it when it suits us as we have to be on budget this quarter. The Big Boss says $40 billion isn't enough this year.

A vulnerability:

http://www.microsoft.com/technet/archive/community/columns/security/essays/vulnrbl.mspx

"A security vulnerability is a flaw in a product that makes it infeasible - even when using the product properly - to prevent an attacker from usurping privileges on the user's system, regulating its operation, compromising data on it, or assuming ungranted trust."

what this gibberish?

For the past 10 months the adodb.stream object is capable of writing files to the "all important customer's" computer. It has real world consequences. It rapes their computer. Does it fit into the gibberish custom definition.

Plain and simple: "A security vulnerability is a flaw in a product that makes it infeasible". What kind of language is this. Reads like the financial department conjured it up.

Disabling scripting won't solve it. Putting sites in one of the myriad of "zones" won't solve it. Internet Explorer can trivially be fooled into operating in the less than secure so-called "intranet zone" and it can be guided there remotely.

What's happening here. Where is the Microsoft representative explaining all of this to the shareholders and "customers" they so dearly wish to protect.

This is unacceptable. Someone must be held accountable.
-- http://www.malware.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

-- My "Foundation" verse: Isa 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD.

-- carpe ductum -- "Grab the tape"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart

***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.
-- My "Foundation" verse: Isa 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD.
-- carpe ductum -- "Grab the tape"