[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <49ADF041.6060701@nbnet.nb.ca>
Date: Tue, 03 Mar 2009 23:06:41 -0400
From: Stephen Menard <smenard@...et.nb.ca>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Most secure internet exploration tool?
Nice Valdis
My cell phone provider asked me if I rebooted my blackberry
because there was an antenna SOS
on the display
talk about denial of service
with 9 missed calls
phuk
steve
yes i pay my bills
Valdis.Kletnieks@...edu wrote:
> On Tue, 03 Mar 2009 19:31:35 EST, bobby.mugabe@...hmail.com said:
>
>
>> code execution power hacks, etc). I would like to start a
>> discussion, weighing in every expert opinion on what the most
>> secure web browser is and why.
>>
>
> Does 'telnet www.example.com 80' or 'netcat' count as a browser? Do
> ascii-only things that only render static html count? Does a mainstream
> browser with javascript and/or plugins disabled count?
>
> You then get to do a similar analysis defining "secure". It isn't a binary
> yes/no - it's a continuum of different issues and relative importance, and
> different people may rank things in different orders. Somebody who is
> responsible for regulatory compliance probably cares more about data exposure
> and identity theft issues - but a browser crash resulting in no data loss
> isn't an issue. Meanwhile, the guy who has to run the help desk cares
> if an issue crashes browsers and generates phone calls (anybody who was working
> in a NOC when Nachi came around knows how fast the costs of an outage can
> pile up, even if no data is permanently lost).
>
> Gotta draw a boundary box if you want reasonable answers.
>
>
>> Also whether or not the underlying
>> operating system matters - is firefox more secure under BeOS than
>> mosaic under IBM's dos?
>>
>
> Again, you have to make a decision - if an exploit *did* manage to abuse
> a browser's code, but was then foiled by an OS security feature (ACLs, ASLR,
> SELinux, or whatever), does that count as "a secure browser", or "a secure OS"?
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists