| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: lists at onryou.com (Cael Abal) Subject: Comments on 5 IE vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thor Larholm wrote: | When I attended the NTBugtraq Retreat earlier this year, most of the | attendees were surprised to hear that I am using Internet Explorer on | a daily basis, particularly since I should know how vulnerable it can | be at any given time. I surf with JavaScript and ActiveX enabled, see | flash movies and play Java games, but despite this I am not vulnerable | [0] to a single command execution vulnerability or system compromise | through Internet Explorer. | | How, you might ask? Simple, I have locked down the My Computer | security zone on my installations [1]. Hi Thor, Don't you think perhaps that time used to take a bad browser and make it better is really time better spent elsewhere? It's like taking a pie out of the trash and picking off the coffee grounds and ashes instead of just baking another pie. It's probably worthwhile to note for the peanut gallery that you've really only demonstrated a resistance to known exploits which depend on local security zones, and not any number of unknown exploits which (conceivably) do not. Not that you claimed otherwise, of course. Don't get me wrong, I do think your efforts are valuable -- you effectively point out how IE can be hardened. Regardless, I'll personally continue to recommend an alternative browser. Take care, Cael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/y/3nR2vQ2HfQHfsRAie1AKC+FNSZKWD63rdSALhw+MQObM2WMQCguwxf Tv8pQ0tKf8B+M+Nq27ePsjE= =a5Yq -----END PGP SIGNATURE-----
Powered by blists - more mailing lists