lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20060403154412.GA12118@eltex.net>
Date: Mon, 3 Apr 2006 19:44:12 +0400
From: ArkanoiD <ark@...ex.net>
To: Crispin Cowan <crispin@...ell.com>
Cc: "Steven M. Christey" <coley@...re.org>, bugtraq@...urityfocus.com
Subject: Re: On product vulnerability history and vulnerability complexity


nuqneH,

On Sat, Apr 01, 2006 at 03:00:30PM -0800, Crispin Cowan wrote:
> >   
> IMHO the biggest thing that makes Firefox on Linux more secure than IE
> on Windows is that you don't run Firefox as root/administrator, so when
> it gets hacked, it doesn't 0wn the machine.

Actually there is only one major difference: you cannot be rootkited (unless
there is an exploit that fits, and if you are running X11 with all modern
software bells'n'whistles , there probably is) .

>From other points of view owning a sole user on the machine does not 
differ much.

(Do they still run web browser as administrator? I think XP was designed not
to do that?)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ