Message-ID: <419DC473.4090505@elforsoft.com>
From: raoul at elforsoft.com (Raoul Nakhmanson-Kulish)
Subject: IE is just as safe as FireFox

Hello, Esmond!

> Offline folders work as well as roaming profiles do : nice fast networks
> and low overhead/beefy servers work well, odd things happen if you have
> impatient users with laptops, wireless etc. Sometimes it's simply easier
> to have a scheduled task sync files to a local folder. This will also
> address the central-server-share-Firefox I/O bottleneck you will see
> with medium size offices.
Agreed, in large or slow networks this would be a better solution.

> You will lose the turnkey application security
> the original poster sought. 
I don't think this is a problem. If a user doesn't have administrative
rights, he/she couldn't edit the FF files copied from the server. Anyway, we
are solving the problem of a fool-tolerant network in this topic, not one of
internal wrongdoers, aren't we? ;)

> In IE, you can combat this using a configuration script in place of the
> proxy server (and preferably in a public location) and outside of GP.
Mozilla/Firefox understands autoconfig scripts too.

> The script hardcodes the proxy based on certain criteria (e.g. if local
> ip is your corporate addressing - use internal proxy otherwise use
> none).
An autoconfig script may enumerate the hosts which don't require a proxy.
Usually there are very few intranet servers in a corporate network.

Moreover, I consider that the IE feature of ignoring the proxy for LAN hosts
may be dangerous. Imagine a worm which spreads by this algorithm: it launches
an HTTP service on the victim host, lures a user at another PC to open a URL
pointing to the victim, then launches on the target PC. The fact that the
previously affected host is situated in the Local intranet zone significantly
facilitates the worm's spreading.

> Proxy servers are increasingly used to clean/protect IE users.
This is irrespective of the browser's vendor. A good proxy is always the best
addition to a good browser :)

-- 
Best regards,
Raoul Nakhmanson-Kulish
Elfor Soft Ltd.,
ERP Department
http://www.elforsoft.ru/
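
The autoconfig approach discussed in this message, as an added example that is not part of the original post: a PAC script that proxies clients on the corporate range, lets only enumerated intranet servers go direct, and gives other LAN hosts no implicit bypass. The network range, proxy address and host names are constructed placeholders, and `chooseProxy`, `inNet` and `ipToInt` are hypothetical helper names.

```javascript
// Added example, not from the thread. All addresses and names are constructed.
var CORP_BASE = "10.20.0.0", CORP_MASK = "255.255.0.0";
var INTERNAL_PROXY = "PROXY proxy.corp.example:3128";
// The few intranet servers allowed to bypass the proxy, listed explicitly.
var DIRECT_HOSTS = ["intranet.corp.example", "wiki.corp.example"];

// Dotted-quad IPv4 string -> unsigned 32-bit number, or null if malformed.
function ipToInt(ip) {
  var parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  var n = 0;
  for (var i = 0; i < 4; i++) {
    if (!/^\d{1,3}$/.test(parts[i]) || Number(parts[i]) > 255) return null;
    n = n * 256 + Number(parts[i]);
  }
  return n;
}

// Same check as the PAC built-in isInNet(), but for literal addresses only
// (no DNS lookup), so it also runs outside a browser.
function inNet(ip, base, mask) {
  var a = ipToInt(ip), b = ipToInt(base), m = ipToInt(mask);
  if (a === null || b === null || m === null) return false;
  return ((a & m) >>> 0) === ((b & m) >>> 0);
}

// Decision logic, with the client address passed in so it can be tested.
function chooseProxy(host, clientIp) {
  // Off the corporate range (e.g. a laptop at home): the internal proxy is
  // unreachable, so connect directly.
  if (!inNet(clientIp, CORP_BASE, CORP_MASK)) return "DIRECT";
  // Only enumerated servers bypass the proxy. Other LAN addresses and
  // dotless host names get no implicit bypass and stay behind the proxy.
  if (DIRECT_HOSTS.indexOf(String(host).toLowerCase()) !== -1) return "DIRECT";
  // No "; DIRECT" fallback: if the proxy is down, requests fail closed.
  return INTERNAL_PROXY;
}

// Entry point the browser calls; myIpAddress() is supplied by the PAC runtime.
function FindProxyForURL(url, host) {
  return chooseProxy(host, myIpAddress());
}
```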

