| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: daniele at muscetta.com (Daniele Muscetta) Subject: Interesting side effect of the new IE patch Stefan Esser said: > Hello, > >> FIAT (the famous Italian CAR producer) invested quite an amount of >> money and effort in lauching the promotional site: >> http://www.buy@...t.com >> >> ....I think they must not be very happy now..... :( > > Of course they are not happy now. Like a lot of other people who relied > on this standard. It is really sad, that Microsoft removes features > because they are to lazy to think up other solutions. They are just RUSHING to close as may bugs as possible.... and as always happens when fixing things afterwards intead of designing them in from the beginning, things either break, or settings that get closed have to be re-opened again. Another issue I personally encountered some days ago was an application which all of a sudden stopped working after having applied SP4 (on a windows 2000 server), because of the NEW user rights they introduced: http://support.microsoft.com/default.aspx?kbid=821546 which might have been nice to have from the beginning, so that people would have not written applications that require that right in the first place.Now, while waiting for a new version of that application to be released (if and when this is going to happen)... all one has to do is to EXPLICITLY GRANT that right to all of the users on that machine..... practically reverting the machine to the inseure setting it had before SP4. Same applies for the 'security enhanced configuration' of IExplore in Windows 2003.... which is SO tight that not even their own windowsupdate works..... which results in people uninstalling it.... > (Oh yeah and this is not a Microsoft only problem, or why do f.e. > openssh/openssl allow RSA keys without passphrases?) Indeed. But it is the continuos struggle between security and usability.... > Ohh yes and I choose the word standard, because standard is not what > some RFC/paper dictates, but what the majority of people (or browsers) > use (support). NTSC would not exist otherwise, because NTSC was NOT the > official standard for color television in the beginning. I don't know, we have PAL ;) Regards, Daniele Muscetta
Powered by blists - more mailing lists