Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

dailydave logo Dailydave mailing list archives

Real Security
From: Dave Aitel <dave () immunityinc com>
Date: Sat, 20 Oct 2007 12:34:19 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We released a reliable exploit for the new RealPlayer bug into CANVAS
Early Updates this morning which makes me wonder why NASA retracted
their request for all their contractors and employees to use Firefox
instead of IE, instead asking them to just uninstall RealPlayer.[1]  I
thought the original request made a lot of sense: If the employees
stop using IE, they don't have to worry about the next big ActiveX
vulnerability. And it's something you can easily block at the gateway
of your organization: just filter on UserAgent.

In any case, it was more ballsy than you'd expect from a big
government organization.

- -dave

[1] http://www.infosecblog.org/2007/10/nasa-bans-ie.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHGi4JB8JNm+PA+iURAlsgAJ90fAuWJS0GcKNHFTcXP5JpnDBdUQCfSDJk
x4BFwUoF1anZEy1H+x6Iz48=
=ww/j
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

  By Date           By Thread  

Current thread:
  • Real Security Dave Aitel (Oct 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]