lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2d6724810903031933s72aef5daua323e17a55082a13@mail.gmail.com>
Date: Tue, 3 Mar 2009 22:33:09 -0500
From: T Biehn <tbiehn@...il.com>
To: Valdis.Kletnieks@...edu
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Most secure internet exploration tool?

Obviously Internet Explorer on Windows, because it's developed by good
paid developers, not long bearded unix nerds.

On Tue, Mar 3, 2009 at 7:56 PM,  <Valdis.Kletnieks@...edu> wrote:
> On Tue, 03 Mar 2009 19:31:35 EST, bobby.mugabe@...hmail.com said:
>
>> code execution power hacks, etc).  I would like to start a
>> discussion, weighing in every expert opinion on what the most
>> secure web browser is and why.
>
> Does 'telnet www.example.com 80' or 'netcat' count as a browser?  Do
> ascii-only things that only render static html count?  Does a mainstream
> browser with javascript and/or plugins disabled count?
>
> You then get to do a similar analysis defining "secure".  It isn't a binary
> yes/no - it's a continuum of different issues and relative importance, and
> different people may rank things in different orders.  Somebody who is
> responsible for regulatory compliance probably cares more about data exposure
> and identity theft issues - but a browser crash resulting in no data loss
> isn't an issue.  Meanwhile, the guy who has to run the help desk cares
> if an issue crashes browsers and generates phone calls (anybody who was working
> in a NOC when Nachi came around knows how fast the costs of an outage can
> pile up, even if no data is permanently lost).
>
> Gotta draw a boundary box if you want reasonable answers.
>
>>                                Also whether or not the underlying
>> operating system matters - is firefox more secure under BeOS than
>> mosaic under IBM's dos?
>
> Again, you have to make a decision - if an exploit *did* manage to abuse
> a browser's code, but was then foiled by an OS security feature (ACLs, ASLR,
> SELinux, or whatever), does that count as "a secure browser", or "a secure OS"?
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ