lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20040614130737.16053.qmail@www.securityfocus.com>
Date: 14 Jun 2004 13:07:37 -0000
From: Greg Kujawa <greg.kujawa@...mondcellar.com>
To: bugtraq@...urityfocus.com
Subject: Re: MS web designers -- "What Security Initiative?"


In-Reply-To: <40CB8263.18297.7605685C@...alhost>

I have to applaud your specific examples of where Microsoft's aims have been redirected (pun intended) and have become woefully presumptuous. Having worked in web hosting and website development in past lives I would agree that correcting the weblinks would be a truer solution than just performing all of the sneaky redirects that require scripting to be enabled.

Here's my question. Everyone please feel free to point out its validity as necessary. Why not add www.microsoft.com to your Trusted Sites list and allow this Internet Zone to have Active Scripting function as prompted? Are there cross-site exploits present that even make this a poor solution? This is the interim solution I have in place at my business locations. We have to use Internet Explorer for work-related application requirements. Otherwise I wouldn't switched to something like Mozilla. 

In lieu of Microsoft patching the latest round of Secunia announced security holes I am disabling Active Scripting for all Internet Zones but the Trusted Sites Zone. If this isn't the best alternative what is if we *have* to use MSIE? 

Anyone??

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ