lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20041119165210.GB30921@DAPCVA.da>
From: var at deny-all.com (Vincent Archer)
Subject: IE is just as safe as FireFox

On Fri, Nov 19, 2004 at 10:51:43AM -0500, joe wrote:
> > Autoconfig script may enumerate hosts which don't require a proxy. 
> > Usually there are a very few intranet servers in corporate network.
> 
> You should have prefixed "there are very few... " with one of two things 
> 
> 1. Relative to the internet...
> 
> 2. In my experience...

Well, he did say "usually" :)

> This is actually the area where IE is so strongly embedded due to its
> application interfaces and what MS has been building towards for so long
> with it. If you look at this space and compare how firefox renders/operates
> next to IE you will see why many companies chose IE as their official
> browser even in the face of having more exposure due to security. A lot of
> that depends on how the web site is designed/built but there is a lot of
> functionality there that can only be reached (and thereby exploited) on IE.
> There are companies whose primary LOB applications internally are on IIS
> servers and can only be accessed with IE. In those cases it isn't a simple
> pick up and replace the browser scenario. 

Even something as simple as OWA (Outlook Web Access), which is often used
as the main component of the corporate "Extranet" is strikingly different.
OWA looks like an average web app when viewed on a Mozilla or similar
browser. OWA looks almost exactly like Outlook when viewed by IE.

Other apps flatly refuse to work with anything but IE. None of these
are strictly "web applications" anymore - they are applications that use
an UI processor, which happens to be the HTML processor as well.

-- 
Vincent ARCHER
varcher@...yall.com

Tel : +33 (0)1 40 07 47 14
Fax : +33 (0)1 40 07 47 27
Deny All - 5, rue Scribe - 75009 Paris - France
www.denyall.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ