blogs.zdnet.com— Polish hacker Michal Zalewski has ratcheted up his ongoing assault on Web browser security models, releasing details on serious flaws in fully patched versions of IE 6, IE 7 and Firefox 2.0.
Jun 4, 2007
imacashew, Jun 5, 2007
"there are so many exploits for both FF and IE because they are so popular, Opera however..." just because it is attacked less often due to under popularity doesn't mean it has less exploits, they just aren't as well known or publicized. So yes...let's ALL use Opera, and then IT will be the one with the well known exploits...jeez. I'll get dugg down for my next statement, but didn't we learn anything from Macs? everyone thinks they're sooo much safer machines with nooone of the security flaws that PC's "inherently" possess, but due to Macs' recent popularity boost (thanks to commercials that claim the opposite) we see that there is no such thing as a perfect OS (or web browser). http://www.informationweek.com/news/showArticle.jhtml?articleID=199200243 I just like how Macs are still "unpopular" enough that they can get away with patching so infrequently that their patches consist of 25 vulnerabilities. Awesome!
triblinator, Jun 5, 2007
w00t opera ftw!
higherlogic, Jun 5, 2007
You forgot this one (based on comment #c7031860): If the hole is in Firefox, I bet they'll patch it quicker than IE does *rolleyes*
takeda, Jun 6, 2007
"I'll switch to opera as soon as it has ad blocking - and the ability to import my block list." http://operawiki.info/OperaAdblock http://help.opera.com/Windows/9.00/en/contentblock.html As for the format, it's just a text file (urlfilter.ini) with masks of URL links, I believe AdBlock uses similar format, so it should be as easy as copy&paste) Welcome, new Opera user :D
tdous, Jun 6, 2007
@chrisc262 Dude, chill out and reminisce ;)
chrismgtis, Jun 6, 2007
If you have a problem with NoScript, the ease of use or for any matter at all, don't complain, your mom doesn't know how to program a VCR either. It's ok.
benlindelof, Jun 6, 2007
I've been warning web server operators and administrators about this. They act stupid and say things like "Prove it!". I remind them I don't work for them. Please fix your security issues. Whether or not they do so is not my concern. This guy who released this secure information is a hero because he has the guts (that I don't) to show you where you are vulnerable. Guess what happens when I show someone where they are vulnerable? They get pissed off. Guess what? I don't do that anymore. It's a sticky situation! Don't get into it if you are emo! The computer has no feelings. Learn to code without emotion and I think you will do a lot better. If you are not in the internet security business, don't freak out. We are working on it. For now, everything is monitored so we can track what is happening. This way nothing goes undetected and can be later analyzed. You're in good hands. P.S. The grammar police and spelling police spam has got to stop. No one cares if someone's keyboard is acting up and they "mispell" words, and we are all getting tired of the spelling and grammar fixes. It's unwanted. That means it's spam. Stop doing it.
benlindelof, Jun 6, 2007
P.S.S. Yes, you can fix these problems on the client side or the server side. It's nice when browsers protect you, but the servers are ultimately responsible for ensuring that the data sent out cannot be used by an unintended recipient. Server administrators will disagree...