lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue Mar 28 06:35:19 2006
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: EEYE: Temporary workaround for IE
	createTextRange vulnerab 

On Mon, 27 Mar 2006 21:13:05 PST, "Gary E. Miller" said:

> I remember hearing the same thing from the VAX and mainframe guys.  Then

Well.. I started as a mainframe guy, and in some respects I *still* am (it's
just that the actual hardware has gone through several revisions - there's *still*
a need for large servers that run corporate-scale functionality).

> Windows machines snuck in here and there.  Then the mainframes were
> mostly gone and WinBlows ruled the roost.  Now firefox is sneaking in

And then, rather than paying *one* IT person *once* to upgrade the PROFS
e-mail system on the IBM mainframe, and handling all the retraining and
support issues *once*, we got every departmental secretary wasting time
trying to upgrade their Outlook client - frequently breaking it in the
process.  Remember - that person is paid to know about HR issues, I'm getting
paid to know about IT issues.  I'm not expected to be cost-productive when
dealing with an HR problem, that's why I'm expected to call HR to do it.

But yet people have this odd expectation that HR person has any interest or
training in getting the IT stuff right..

And of course, all the cross-version issues while 3 departments have installed
the next release of Outlook, and 6 others haven't - and 2 of the 3 are done
wrong. ;)

And this, my friends, is why Active Directory sprouted stuff like "push
updates via GPO", so that the "do it once, correctly" method could come back...

> around the glass-house priesthood.  We know history repeats itself, the
> trick is figureing out how it will next time before it is too late.

Prediction: Somebody is going to make a mint selling a Linux equivalent of
"push via GPO".  (Yes, I know there's stuff out there now - the prediction is
that somebody will get rich selling something ;)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060328/ae29f1cc/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ