Go to the FreeLists Home Page Home Signup Help Login 		 



Browse opendtv: This Month's ArchiveMain Archive PageRelated postsPrevious by DateNext by Date

[opendtv] Re: Tide Turning in Browser Wars?

  • From: Tom Barry <trbarry@xxxxxxxxxxx>
  • To: opendtv@xxxxxxxxxxxxx
  • Date: Thu, 01 Jul 2004 20:14:09 -0400
I thought the problem was this attack (link below), which is not yet 
fixed in IE.  It can allow web sites to take over your machine, 
install trojans, etc.

http://news.com.com/Web+site+virus+attack+blunted/2100-7349_3-5248279.html?tag=cd.top

- Tom

Kon Wilms wrote:

> First I have to say this CERT news is *old news*. The mentioned IE bug
> came out, was analyzed, and fixed in windows update before they released
> this news. There is no need to *stop* using IE. Make sure you have a
> virus scanner installed, and keep it and your windows updates current.
> 
> Another thing to note is that people leave their windows boxes wide
> open. I don't (can't, cause they interfere with the files) run AV
> software on the datacast boxes at work that we have in the field.
> Solution - lock the box down with IP filter and IPSEC rules. Only SSH
> gets into the servers, and everything else (including terminal services)
> is tunneled through that. The SSH user account is jailed to a home
> directory that is unreadable/writable, and has no filesystem privs. We
> have had these boxes in locations where windows boxes are constantly
> getting their asses kicked by msblaster and friends (many broadcast
> stations I consider to be the wild west). No problems for our locked
> down boxes though. And you can do the same for XP.
> 
> Having said that, I run gnome desktop and linux at home. But even so I
> *still* have an openbsd firewall in place with squirrelmail. The windows
> systems are locked down with IPsec and restricted trust rules. We have
> never had a single trojan or virus here at home.
> 
> Every system is vulnerable to trojans, even linux (unsigned RPMs (and
> vendors like SuSe commenting that this is how it is and how they will do
> it in future) in apt/yum repositories just prove my point) and osx.
> 
> I suggest a starting point being the NSA guidelines for securing windows
> systems: http://www.nsa.gov/snac/
> 
> Cheers
> Kon
> 
> Craig Birkmaier wrote:
> 
> 
>>Just when we thought the "browser wars" were over...
>>
>>Looks like some Windows users are going to learn how difficult it is 
>>to install and use an alternative Web browser to Micrisoft's flagship 
>>"integrated" Internet Explorer.  I started hearing about the latest 
>>vulnerabilities in IE several days ago, via a tech segment on our 
>>local Talk radio station. The commentator is a side-kick on a local 
>>afternoon show, who also runs a company that specializes in "Digital 
>>Marketing" and PC maintenance/sales. Mr. PC's (no, I'm not kidding) 
>>advice is to switch to the Mozilla browser.
>>
>>Now the U.S. Computer Emergency Readiness Team is recommending that 
>>people stop using IE as well. Could the hackers finally be winning 
>>the war, exposing Microsoft's seemingly endless vulnerabilities? 
>>Could this kind of negative publicity wake people up to the options 
>>that exist for running a PC today, without paying their tithe to the 
>>boys in Redmond?
>>
>>Regards
>>Craig
>>
>>
>>US-CERT ADVISES SWITCHING BROWSERS
>>In light of a recent announcement about an "extremely critical"
>>security vulnerability in Internet Explorer (IE), the U.S. Computer
>>Emergency Readiness Team (US-CERT) has issued a warning advising
>>computer users to stop using Microsoft's browser. US-CERT is a
>>nonprofit formed in September 2003 by the Department of Homeland
>>Security and the public and private sectors to improve computer
>>security preparedness and response. According to the US-CERT notice,
>>there are "significant vulnerabilities in technologies relating to the
>>IE domain/zone security model, the DHTML object model, MIME-type
>>determination, and ActiveX." The IE bug allows hackers to install
>>spyware on users' computers without any action on the part of the
>>user. The notice goes on to say that, particularly for browsing
>>untrusted sites, use of another browser is an effective way to avoid
>>the security risks mentioned.
>>Internet News, 29 June 2004
>>http://www.internetnews.com/security/article.php/3374931
>> 
>>
> 
> 
> 
>  
>  
> ----------------------------------------------------------------------
> You can UNSUBSCRIBE from the OpenDTV list in two ways:
> 
> - Using the UNSUBSCRIBE command in your user configuration settings at 
> FreeLists.org 
> 
> - By sending a message to: opendtv-request@xxxxxxxxxxxxx with the word 
> unsubscribe in the subject line.
> 
> 
 
 
----------------------------------------------------------------------
You can UNSUBSCRIBE from the OpenDTV list in two ways:

- Using the UNSUBSCRIBE command in your user configuration settings at 
FreeLists.org 

- By sending a message to: opendtv-request@xxxxxxxxxxxxx with the word 
unsubscribe in the subject line.

Other related posts:

  • [opendtv] Tide Turning in Browser Wars?
  • [opendtv] Re: Tide Turning in Browser Wars?
  • [opendtv] Re: Tide Turning in Browser Wars?
  • [opendtv] Re: Tide Turning in Browser Wars?
  • [opendtv] Re: Tide Turning in Browser Wars?
  • [opendtv] Re: Tide Turning in Browser Wars?
  • [opendtv] Re: Tide Turning in Browser Wars?
  • [opendtv] Re: Tide Turning in Browser Wars?
  • [opendtv] Re: Tide Turning in Browser Wars?




    • [ Home | Signup | Help | Login | Archives | Lists ]

    All trademarks and copyrights within the FreeLists archives are owned by their respective owners.
    Everything else ©2008 Avenir Technologies, LLC.