| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9E97F0997FB84D42B221B9FB203EFA273F2E7D@dc1ms2.msad.brookshires.net> From: toddtowles at brookshires.com (Todd Towles) Subject: IE is just as safe as FireFox > Use SUS to install XP SP2 to 14,000 Windows 2000 machines? > Somehow I think that will be problematic. Don't forget you have to be on a certain service pack to use SUS for Windows 2000, then change GPO to push the AU changes to each machine to even use SUS..and if you are a admin access, it isn't totally slient. Explain that to non-geek users. Since SUS is free, you can what you pay for...since it over and over again. > Replace the SHDOCVW.DLL with the XP SP2 version? On Windows > 2000 machines? > And what about the practical problems getting round Windows > File Protection? On 14,000 machines? Do you want to come in > here and try what you suggest? SP2 breaks stuff..we all forget so fast. Compaines have old apps and some will be broken by SP2, but of course Microsoft will only release post-SP2 IE fixes..so they tell us to not rush SP2 and then only release updates for post-SP2. Great...good job. Ohh..and the handing of the GDI exploit..that was worthy of a billion dollar company. -Todd > > > > > > > > > > > > > "Rafel Ivgi, > > The-Insider" > > <theinsider@....n > To > et.il> > <full-disclosure@...ts.netsys.com>, > > <Colin.Scott@...lc.com> > 12/11/2004 14:08 > cc > > > > Subject > Re: [Full-Disclosure] > IE is just as > safe as FireFox > > > > > > > > > > > > > > > > > > If you do have 14000 machines why don't you buy "Finjan's > Vital Security For Web"? > It will filter all malicious I.E exploits for all its > surfers(its a proxy, quite fast...) > > Or just use SUS(system update server (microsoft)) just like > any other administrator... to install sp2 or to just replace > the c:\windows\system32\shdocvw.dll with the patched one or with > sp2 > one... > > Rafel Ivgi, The-Insider > Security Consultant > Malicious Code Research Center (MCRC) > Finjan Software LTD > E-mail: rivgi@...jan.com > --------------------------------- > Prevention is the best cure! > ----- Original Message ----- > From: <Colin.Scott@...lc.com> > To: <full-disclosure@...ts.netsys.com> > Sent: Friday, November 12, 2004 12:46 PM > Subject: Re: [Full-Disclosure] IE is just as safe as FireFox > > > Oh yeah, I've got 14,000 Windows 2000 machines to update to > windows XP SP2, hang on wheres that CD? > > So thanks for your infinate wisdom there Rafel. > > Colin. > > > > > > > > > > "Rafel Ivgi, > The-Insider" > <theinsider@....n To > et.il> <full-disclosure@...ts.netsys.com> > Sent by: cc > full-disclosure-a > dmin@...ts.netsys Subject > .com Re: [Full-Disclosure] IE is just as > safe as FireFox > 12/11/2004 06:44 > > > > That is incorrect, there is a fix --> SP2. > Users should use the latest updated system, meaning if there > is an SP2, they should install it. > > > Rafel Ivgi, The-Insider > Security Consultant > Malicious Code Research Center (MCRC) > Finjan Software LTD > E-mail: rivgi@...jan.com > --------------------------------- > Prevention is the best cure! > ----- Original Message ----- > From: "Martin Mkrtchian" <dotsecure@...il.com> > To: "Todd Towles" <toddtowles@...okshires.com> > Cc: "Mailing List - Full-Disclosure" > <full-disclosure@...ts.netsys.com>; > <ring-of-fire@...oogroups.com> > Sent: Friday, November 12, 2004 3:03 AM > Subject: Re: [Full-Disclosure] IE is just as safe as FireFox > > > > They should've at least released that statement after they > fixed the > > IE FRAME vulnerability. 0 day exploit is in the wild and > no fix for > > it, yet they claim its secure enough. > > > > If the programmers are as smart as the company press > releasers, I can > > see why I.E. still sux. > > > > > > Martin > > > > > > On Thu, 11 Nov 2004 15:59:20 -0600, Todd Towles > > <toddtowles@...okshires.com> wrote: > >> Microsoft's security and mangement product manager (Ben English) > says... > >> > >> At a security roundtable discussion in Sydney on Thursday, Ben > >> English, Microsoft's security and management product > manager, told > >> attendees > that > >> IE undergoes "rigorous code reviews" and is no less > secure than any > >> other browser. > >> > >> "Because IE is ubiquitous, you hear a lot more about it, > but I don't > >> think that Internet Explorer is any less secure than any other > >> browser out there," English said. > >> > >> > http://news.com.com/Microsoft+says+Firefox+not+a+threat+to+IE/2100-10 > >> 32_ > >> 3-5448719.html?part=dht&tag=ntop&tag=nl.e433 > >> > >> Can anyone say IFRAME? Lol > >> > >> -Todd > >> > >> _______________________________________________ > >> Full-Disclosure - We believe in it. > >> Charter: http://lists.netsys.com/full-disclosure-charter.html > >> > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.netsys.com/full-disclosure-charter.html > > > > > > > ************************************************************** > ************************ > > > This e-mail is confidential and may contain privileged > information. If you are not the addressee or if you have > received the e-mail in error, it may be unlawful for you to > read, copy, distribute, disclose or otherwise use the > information which it contains. Under these circumstances, > please notify us immediately by returning this mail to > 'mailerror@...lc.com' and deleting this e-mail from your system. > > Any views expressed by an individual within this e-mail do > not necessarily reflect the views of Cadbury Schweppes Plc or > its subsidiaries. Cadbury Schweppes Plc will not be bound by > any agreement entered into as a result of this email, unless > its intention is clearly evidenced in the body of the email. > Whilst we have taken reasonable steps to ensure that this > e-mail and attachments are free from viruses, recipients are > advised to subject this mail to their own virus checking, in > keeping with good computing practice. > Please > note that email received by Cadbury Schweppes Plc or its > subsidiaries may be monitored in accordance with the > prevailing law in the United Kingdom. > > ************************************************************** > ************************ > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists