From: devis at easynix.net (devis)
Subject: [in] Re: IE is just as safe as FireFox

>
> True goal is making as much money and influence as possible.
>
Please read my previous posts on this list regarding that matter.

>> This is why, Firefox being independent from this OS that carries 60 
>> of its code base as being legacy code for older system hardware and 
>
>
> The Mozilla Suite (and Firefox) already existed for some years.
>
Should we compare the new version/updates delivery frequency of the 
Mozilla Project with others?

>> Let's not hide from ourselves what's needed from MS to reach modern 
>> world security:
>> a complete rewrite, and a ditch of old DOS base and the 20-year-old 
>> legacy code.
>
>
> Microsoft Windows NT is a complete rewrite from scratch. MSDOS is 
> being emulated in a virtual machine called NTVDM. Microsoft Windows XP 
> is not the first NT version, mind you.
>
I used NT4 WS and Server; I still noted at the time the default behavior 
of making the first user an administrator, and not inviting to create an 
unprivileged user. All of the migrations NT4 -> BSD I did were in that 
case.
The point is that relying on the solidity of your network application / 
daemon / server and not restricting / reducing the impact of a crash / 
vulnerability / intrusion is just completely irresponsible. Jails are 
not "all" but they help as a preventive measure, and they instantly 
upgrade the knowledge level needed by the attack. They make sure, for 
example, that the latest worms exploiting the latest vulnerability 
that remains unpatched by your vendor are not taking over the box 
completely. Geez, sounds familiar?

Until MS manages to run a webserver / authserver / mailserver (fill in 
the list ... ) with the same functionality and as a non-privileged user, 
it will be much more insecure out there.

And btw the "Virtual" DOS seems particularly present:
Try this on any NT OS: new folder -> aux, lpt1, con, nul     ...Should 
I carry on? (Hint: MS-DOS reserved devices).
As I said previously, non-case-sensitive OSes belong in the museum.

>> Rafel Ivgi, The-Insider wrote:
>>
> >[ fullquote from grandparent snipped, please learn some quoting style ]
>
I will only if you learn to NOT reply to all [emails] of the thread but 
just to the list.

>
> Stefan Schatzl.

d.
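
The reserved device names mentioned in the post (aux, lpt1, con, nul), as an added example that is not part of the original message: a Python check that flags path components Windows would resolve to a device, matched case-insensitively, for use when validating file names that come from users or archives. The function names and sample paths are constructed for illustration.

```python
import re

# Device names the Win32 namespace reserves in every directory (MS-DOS legacy).
RESERVED = {"CON", "PRN", "AUX", "NUL",
            *(f"COM{i}" for i in range(1, 10)),
            *(f"LPT{i}" for i in range(1, 10))}


def reserved_component(name: str) -> bool:
    """True if a single path component would resolve to a reserved device."""
    # Win32 drops trailing dots and spaces and ignores the extension, so
    # "aux", "AUX.txt" and "Aux . " all refer to the same device. The check
    # is deliberately conservative: a space before the extension is rejected.
    stem = name.rstrip(". ").split(".", 1)[0].rstrip(" ")
    return stem.upper() in RESERVED


def find_reserved(path: str) -> list[str]:
    """Return every component of a path (either separator) that is reserved."""
    parts = [p for p in re.split(r"[\\/]+", path) if p]
    return [p for p in parts if reserved_component(p)]


# Constructed sample input: names as they might arrive from an upload form
# or an archive that is about to be unpacked on a Windows host.
SAMPLES = [
    "uploads/report.pdf",
    "uploads/aux",
    "docs\\LPT1.txt",
    "tmp/Con/readme",
    "logs/nul.tar.gz",
    "home/console.log",   # only a prefix match, not reserved
    "dev/com10",          # COM1..COM9 are reserved, COM10 is not
]

if __name__ == "__main__":
    for sample in SAMPLES:
        hits = find_reserved(sample)
        verdict = "REJECT " + ", ".join(hits) if hits else "ok"
        print(f"{sample:22} {verdict}")
```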

