lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <49ADF041.6060701@nbnet.nb.ca>
Date: Tue, 03 Mar 2009 23:06:41 -0400
From: Stephen Menard <smenard@...et.nb.ca>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Most secure internet exploration tool?

Nice Valdis

My cell phone provider asked me if I rebooted my blackberry
because there was an antenna SOS
on the display

talk about denial of service
with 9 missed calls

phuk

steve
yes i pay my bills






Valdis.Kletnieks@...edu wrote:
> On Tue, 03 Mar 2009 19:31:35 EST, bobby.mugabe@...hmail.com said:
>
>   
>> code execution power hacks, etc).  I would like to start a
>> discussion, weighing in every expert opinion on what the most
>> secure web browser is and why.
>>     
>
> Does 'telnet www.example.com 80' or 'netcat' count as a browser?  Do
> ascii-only things that only render static html count?  Does a mainstream
> browser with javascript and/or plugins disabled count?
>
> You then get to do a similar analysis defining "secure".  It isn't a binary
> yes/no - it's a continuum of different issues and relative importance, and
> different people may rank things in different orders.  Somebody who is
> responsible for regulatory compliance probably cares more about data exposure
> and identity theft issues - but a browser crash resulting in no data loss
> isn't an issue.  Meanwhile, the guy who has to run the help desk cares
> if an issue crashes browsers and generates phone calls (anybody who was working
> in a NOC when Nachi came around knows how fast the costs of an outage can
> pile up, even if no data is permanently lost).
>
> Gotta draw a boundary box if you want reasonable answers.
>
>   
>>                                Also whether or not the underlying
>> operating system matters - is firefox more secure under BeOS than
>> mosaic under IBM's dos?
>>     
>
> Again, you have to make a decision - if an exploit *did* manage to abuse
> a browser's code, but was then foiled by an OS security feature (ACLs, ASLR,
> SELinux, or whatever), does that count as "a secure browser", or "a secure OS"?
>   
> ------------------------------------------------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ