lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <0273B67044957C41BD71D12EBA2E00AE0FD9D1@becca.LarrySeltzer.local>
Date: Tue, 12 Jun 2007 09:19:54 -0400
From: "Larry Seltzer" <Larry@...ryseltzer.com>
To: <seclists@...holm.com>, <bugtraq@...urityfocus.com>,
	<full-disclosure@...ts.grok.org.uk>
Subject: Re: Safari for Windows,
	0day URL protocol handler command injection

>>Apple released version 3 of their popular Safari web browser today,
with the added twist of offering both an OS X and a Windows version.
Given that Apple has had a lousy track record with security on OS X, in
addition to a hostile attitude towards security researchers, a lot of
people are expecting to see quite a number of vulnerabilities targeted
towards this new Windows browser. 

Joe Wilcox here at eWEEK is speculating, as are others, that Apple could
start bundling Safari with the Windows iTunes software
(http://www.microsoft-watch.com/content/web_services_browser/do_we_reall
y_need_another_windows_browser.html). They have already done this with
QuickTime. Safari could develop installed base quickly that way.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.eweek.com/cheap_hack/
Contributing Editor, PC Magazine
larryseltzer@...fdavis.com 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ