[opendtv] Re: Tide Turning in Browser Wars?

  • From: Tom Barry <trbarry@xxxxxxxxxxx>
  • To: opendtv@xxxxxxxxxxxxx
  • Date: Thu, 01 Jul 2004 20:14:09 -0400

I thought the problem was this attack (link below), which is not yet 
fixed in IE.  It can allow web sites to take over your machine, 
install trojans, etc.

http://news.com.com/Web+site+virus+attack+blunted/2100-7349_3-5248279.html?tag=cd.top

- Tom

Kon Wilms wrote:

> First I have to say this CERT news is *old news*. The mentioned IE bug
> came out, was analyzed, and fixed in windows update before they released
> this news. There is no need to *stop* using IE. Make sure you have a
> virus scanner installed, and keep it and your windows updates current.
> 
> Another thing to note is that people leave their windows boxes wide
> open. I don't (can't, cause they interfere with the files) run AV
> software on the datacast boxes at work that we have in the field.
> Solution - lock the box down with IP filter and IPSEC rules. Only SSH
> gets into the servers, and everything else (including terminal services)
> is tunneled through that. The SSH user account is jailed to a home
> directory that is unreadable/writable, and has no filesystem privs. We
> have had these boxes in locations where windows boxes are constantly
> getting their asses kicked by msblaster and friends (many broadcast
> stations I consider to be the wild west). No problems for our locked
> down boxes though. And you can do the same for XP.
> 
> Having said that, I run gnome desktop and linux at home. But even so I
> *still* have an openbsd firewall in place with squirrelmail. The windows
> systems are locked down with IPsec and restricted trust rules. We have
> never had a single trojan or virus here at home.
> 
> Every system is vulnerable to trojans, even linux (unsigned RPMs (and
> vendors like SuSe commenting that this is how it is and how they will do
> it in future) in apt/yum repositories just prove my point) and osx.
> 
> I suggest a starting point being the NSA guidelines for securing windows
> systems: http://www.nsa.gov/snac/
> 
> Cheers
> Kon
> 
> Craig Birkmaier wrote:
> 
> 
>>Just when we thought the "browser wars" were over...
>>
>>Looks like some Windows users are going to learn how difficult it is 
>>to install and use an alternative Web browser to Microsoft's flagship 
>>"integrated" Internet Explorer.  I started hearing about the latest 
>>vulnerabilities in IE several days ago, via a tech segment on our 
>>local Talk radio station. The commentator is a side-kick on a local 
>>afternoon show, who also runs a company that specializes in "Digital 
>>Marketing" and PC maintenance/sales. Mr. PC's (no, I'm not kidding) 
>>advice is to switch to the Mozilla browser.
>>
>>Now the U.S. Computer Emergency Readiness Team is recommending that 
>>people stop using IE as well. Could the hackers finally be winning 
>>the war, exposing Microsoft's seemingly endless vulnerabilities? 
>>Could this kind of negative publicity wake people up to the options 
>>that exist for running a PC today, without paying their tithe to the 
>>boys in Redmond?
>>
>>Regards
>>Craig
>>
>>
>>US-CERT ADVISES SWITCHING BROWSERS
>>In light of a recent announcement about an "extremely critical"
>>security vulnerability in Internet Explorer (IE), the U.S. Computer
>>Emergency Readiness Team (US-CERT) has issued a warning advising
>>computer users to stop using Microsoft's browser. US-CERT is a
>>nonprofit formed in September 2003 by the Department of Homeland
>>Security and the public and private sectors to improve computer
>>security preparedness and response. According to the US-CERT notice,
>>there are "significant vulnerabilities in technologies relating to the
>>IE domain/zone security model, the DHTML object model, MIME-type
>>determination, and ActiveX." The IE bug allows hackers to install
>>spyware on users' computers without any action on the part of the
>>user. The notice goes on to say that, particularly for browsing
>>untrusted sites, use of another browser is an effective way to avoid
>>the security risks mentioned.
>>Internet News, 29 June 2004
>>http://www.internetnews.com/security/article.php/3374931
>> 
>>
> 
> 
> 
>  
>  
> ----------------------------------------------------------------------
> You can UNSUBSCRIBE from the OpenDTV list in two ways:
> 
> - Using the UNSUBSCRIBE command in your user configuration settings at 
> FreeLists.org 
> 
> - By sending a message to: opendtv-request@xxxxxxxxxxxxx with the word 
> unsubscribe in the subject line.
> 
> 