Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: IE is just as safe as FireFox
From: "Todd Towles" <toddtowles () brookshires com>
Date: Fri, 12 Nov 2004 10:24:44 -0600

 

Use SUS to install XP SP2 to 14,000 Windows 2000 machines? 
Somehow I think that will be problematic.
Don't forget you have to be on a certain service pack to use SUS for
Windows 2000, then change GPO to push the AU changes to each machine to
even use SUS..and if you are a admin access, it isn't totally slient.
Explain that to non-geek users. Since SUS is free, you can what you pay
for...since it over and over again.

Replace the SHDOCVW.DLL with the XP SP2 version? On Windows 
2000 machines?
And what about the practical problems getting round Windows 
File Protection? On 14,000 machines? Do you want to come in 
here and try what you suggest?
SP2 breaks stuff..we all forget so fast. Compaines have old apps and
some will be broken by SP2, but of course Microsoft will only release
post-SP2 IE fixes..so they tell us to not rush SP2 and then only release
updates for post-SP2. Great...good job. Ohh..and the handing of the GDI
exploit..that was worthy of a billion dollar company.

-Todd











                                                              
             
             "Rafel Ivgi,                                     
             
             The-Insider"                                     
             
             <theinsider () 012 n                                
          To 
             et.il>                    
<full-disclosure () lists netsys com>, 
                                       
<Colin.Scott () csplc com>             
             12/11/2004 14:08                                 
          cc 
                                                              
             
                                                              
     Subject 
                                       Re: [Full-Disclosure] 
IE is just as 
                                       safe as FireFox        
             
                                                              
             
                                                              
             
                                                              
             
                                                              
             
                                                              
             
                                                              
             




If you do have 14000 machines why don't you buy "Finjan's 
Vital Security For Web"?
It will filter all malicious I.E exploits for all its 
surfers(its a proxy, quite fast...)

Or just use SUS(system update server (microsoft)) just like 
any other administrator... to install sp2 or to just replace 
the c:\windows\system32\shdocvw.dll with the patched one or with
sp2
one...

Rafel Ivgi, The-Insider
Security Consultant
Malicious Code Research Center (MCRC)
Finjan Software LTD
E-mail: rivgi () Finjan com
---------------------------------
Prevention is the best cure!
----- Original Message -----
From: <Colin.Scott () csplc com>
To: <full-disclosure () lists netsys com>
Sent: Friday, November 12, 2004 12:46 PM
Subject: Re: [Full-disclosure] IE is just as safe as FireFox


Oh yeah, I've got 14,000 Windows 2000 machines to update to 
windows XP SP2, hang on wheres that CD?

So thanks for your infinate wisdom there Rafel.

Colin.









            "Rafel Ivgi,
The-Insider"
<theinsider () 012 n                                          To
et.il>                    <full-disclosure () lists netsys com>
Sent by:                                                   cc
full-disclosure-a
dmin () lists netsys                                     Subject
.com                      Re: [Full-Disclosure] IE is just as
safe as FireFox
12/11/2004 06:44



That is incorrect, there is a fix --> SP2.
Users  should use the latest updated system, meaning if there 
is an SP2, they should install it.


Rafel Ivgi, The-Insider
Security  Consultant
Malicious Code Research Center (MCRC)
Finjan Software  LTD
E-mail: rivgi () Finjan com
---------------------------------
Prevention  is the best cure!
----- Original Message -----
From: "Martin Mkrtchian"  <dotsecure () gmail com>
To: "Todd Towles" <toddtowles () brookshires com>
Cc: "Mailing List -  Full-Disclosure" 
<full-disclosure () lists netsys com>;
<ring-of-fire () yahoogroups com>
Sent: Friday,  November 12, 2004 3:03 AM
Subject: Re: [Full-disclosure] IE is just as safe  as FireFox


They should've at least released that statement after  they 
fixed the 
IE FRAME vulnerability. 0 day exploit is in the wild and  
no fix for 
it, yet they claim its secure enough.

If the  programmers are as smart as the company press 
releasers, I can
see   why I.E. still sux.


Martin


On  Thu, 11 Nov 2004 15:59:20 -0600, Todd Towles 
<toddtowles () brookshires com> wrote:
Microsoft's  security and mangement product manager (Ben English)
says...

At a security roundtable discussion in Sydney on  Thursday, Ben 
English, Microsoft's security and management product  
manager, told 
attendees
that
IE undergoes "rigorous code reviews"  and is no less 
secure than any 
other  browser.

"Because IE is ubiquitous, you hear a lot more  about it, 
but I don't 
think that Internet Explorer is any less  secure than any other 
browser out there," English  said.


http://news.com.com/Microsoft+says+Firefox+not+a+threat+to+IE/2100-10
32_
 3-5448719.html?part=dht&tag=ntop&tag=nl.e433

Can  anyone say IFRAME? Lol

-Todd

 _______________________________________________
Full-Disclosure - We  believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


 _______________________________________________
Full-Disclosure - We  believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html






**************************************************************
************************


This e-mail is confidential and may contain privileged 
information.  If you are not the addressee or if you have 
received the e-mail in error, it may be unlawful for you to 
read, copy, distribute, disclose or otherwise use the 
information which it contains.  Under these circumstances, 
please notify us immediately by returning this mail to 
'mailerror () csplc com' and deleting this e-mail from your system.

Any views expressed by an individual within this e-mail do 
not necessarily reflect the views of Cadbury Schweppes Plc or 
its subsidiaries.  Cadbury Schweppes Plc will not be bound by 
any agreement entered into as a result of this email, unless 
its intention is clearly evidenced in the body of the email.
Whilst we have taken reasonable steps to ensure that this 
e-mail and attachments are free from viruses, recipients are 
advised to subject this mail to their own virus checking, in 
keeping with good computing practice.
Please
note that email received by Cadbury Schweppes Plc or its 
subsidiaries may be monitored in accordance with the 
prevailing law in the United Kingdom.

**************************************************************
************************


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault