|
Dailydave
mailing list archives
Re: Firefox bugs
From: "Dave Aitel" <dave.aitel () gmail com>
Date: Tue, 3 Oct 2006 16:23:46 -0400
Web bugs are not code executing on your computer. Typically they're not even
javascript, just an embedded image or audio file that loads from a remote
site. Spyware is code executing on your computer.
I'm going to say though, I do think weev has 30 Javascript bugs in Mozilla.
The question for Window Snyder is "What are you going to do about it?" Is
Firefox at least compiled with /Gs these days (or pro-police (what's the
current best GCC flag?) on Linux/OS X? Does Mozilla help Novell install
their application profile stuff? Does Mozilla have a certified SELinux
profile? Making browsing safe is a hard job and there's a lot Mozilla can
do. $500 bucks a bug is not it.
I think it's extra special funny that someone from SixApart's LiveJournal
was giving a talk with someone from Bantown, who did the big LiveJournal
attack a while back.
(see
http://blog.washingtonpost.com/securityfix/2006/01/account_hijackings_force_livej.html
)
What's next? Spammers working with anti-spam companies? :>
-dave
On 10/3/06, Alexander Sotirov <asotirov () determina com> wrote:
Dave Aitel wrote:
> Anyways, our congresscritters think that SPYWARE==WEB BUG. And it's
> not true. Someone needs to call them and explain it slowly.
How is a web bug not spyware? Or are you saying that spyware is more than
just
web bugs?
Alex
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
 By Date 
By Thread
Current thread:
Re: Firefox bugs Matt (Oct 03)
Re: Firefox bugs Alexander Sotirov (Oct 03)
| 
Intro
