Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: IE is just as safe as FireFox
From: "Todd Towles" <toddtowles () brookshires com>
Date: Fri, 12 Nov 2004 14:58:56 -0600

I don't know about you Rafel, but I know people in your company think XP
SP2 is full of holes also. =)

"Ten new security holes in Windows XP Service Pack 2 have been
discovered, so get ready to insert new patches into your patch
management schedule. Microsoft recently announced their Security
Bulletin Advance Notification Program, which gives administrators a
several days advance notice of upcoming patches, however these new
security holes were announced by security product maker Finjan
Software."

http://www.winnetmag.com/Windows/Article/ArticleID/44502/Windows_44502.h
tml

Great ten more patches they won't released for Windows XP Gold or
Windows 2000....

I think the founder of Finjan is speaking my language as well...

Shlomo Touboul, CEO and Founder of Finjan Software, said "Windows XP SP2
operating system is a continuation of the same Windows XP Operating
System and Windows Kernel. All Windows versions have been developed with
requirements for highest backward compatibility and open architecture,
with maximum productivity and ease of use. In addition, Windows
applications typically run with administrative permission with full and
unlimited access to computer resources."

Sound familiar?

-Todd

Rafel Ivgi, The-Insider
Security Consultant
Malicious Code Research Center (MCRC)
Finjan Software LTD
E-mail: rivgi () Finjan com
---------------------------------
Prevention is the best cure!
----- Original Message -----
From: <Colin.Scott () csplc com>
To: <full-disclosure () lists netsys com>
Sent: Friday, November 12, 2004 12:46 PM
Subject: Re: [Full-disclosure] IE is just as safe as FireFox


Oh yeah, I've got 14,000 Windows 2000 machines to update to 
windows XP SP2,
hang on wheres that CD?

So thanks for your infinate wisdom there Rafel.

Colin.








                                                              
               
            "Rafel Ivgi, 
The-Insider" 
<theinsider () 012 n                                          To 
et.il>                    <full-disclosure () lists netsys com> 
Sent by:                                                   cc 
full-disclosure-a 
dmin () lists netsys                                     Subject 
.com                      Re: [Full-Disclosure] IE is just as 
safe as FireFox 
12/11/2004 06:44



That is incorrect, there is a fix --> SP2.
Users  should use the latest updated system, meaning if there 
is an SP2,
they
should install it.


Rafel Ivgi, The-Insider
Security  Consultant
Malicious Code Research Center (MCRC)
Finjan Software  LTD
E-mail: rivgi () Finjan com
---------------------------------
Prevention  is the best cure!
----- Original Message -----
From: "Martin Mkrtchian"  <dotsecure () gmail com>
To: "Todd Towles" <toddtowles () brookshires com>
Cc: "Mailing List -  Full-Disclosure" 
<full-disclosure () lists netsys com>;
<ring-of-fire () yahoogroups com>
Sent: Friday,  November 12, 2004 3:03 AM
Subject: Re: [Full-disclosure] IE is just as safe  as FireFox


They should've at least released that statement after  they 
fixed the
IE FRAME vulnerability. 0 day exploit is in the wild and  no fix for
it, yet they claim its secure enough.

If the  programmers are as smart as the company press 
releasers, I can
see   why I.E. still sux.


Martin


On  Thu, 11 Nov 2004 15:59:20 -0600, Todd Towles
<toddtowles () brookshires com> wrote:
Microsoft's  security and mangement product manager (Ben English)
says...

At a security roundtable discussion in Sydney on  
Thursday, Ben English,
Microsoft's security and management product  manager, told 
attendees
that
IE undergoes "rigorous code reviews"  and is no less 
secure than any
other  browser.

"Because IE is ubiquitous, you hear a lot more  about it, 
but I don't
think that Internet Explorer is any less  secure than any 
other browser
out there," English  said.


http://news.com.com/Microsoft+says+Firefox+not+a+threat+to+IE/
2100-1032_
 3-5448719.html?part=dht&tag=ntop&tag=nl.e433

Can  anyone say IFRAME? Lol

-Todd

 _______________________________________________
Full-Disclosure - We  believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


 _______________________________________________
Full-Disclosure - We  believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html






**************************************************************
************************

This e-mail is confidential and may contain privileged 
information.  If you 
are not the addressee or if you have received the e-mail in 
error, it may
be unlawful for you to read, copy, distribute, disclose or 
otherwise use the
information which it contains.  Under these circumstances, 
please notify
us immediately by returning this mail to 
'mailerror () csplc com' and deleting
this e-mail from your system.

Any views expressed by an individual within this e-mail do 
not necessarily
reflect the views of Cadbury Schweppes Plc or its 
subsidiaries.  Cadbury
Schweppes Plc will not be bound by any agreement entered into 
as a result
of this email, unless its intention is clearly evidenced in 
the body of the 
email.
Whilst we have taken reasonable steps to ensure that this e-mail and
attachments are free from viruses, recipients are advised to 
subject this 
mail
to their own virus checking, in keeping with good computing 
practice. Please
note that email received by Cadbury Schweppes Plc or its 
subsidiaries may be
monitored in accordance with the prevailing law in the United Kingdom.

**************************************************************
************************

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]