Message-ID: <1270825642.9bca4c3cJeff-Kell@utc.edu>
Date: Fri, 09 Apr 2010 11:07:22 -0400
From: "Jeff Kell" <Jeff-Kell@....edu>
To: uuf6429@...il.com
Cc: full-disclosure@...ts.grok.org.uk, mustlive@...security.com.ua,
	Valdis.Kletnieks@...edu
Subject: Re: Vulnerabilities in phpCOIN

Amen to that.  Everything seems to be delivered for installation and even increasingly with *each* update, carrying various "hitch hiker" applications... toolbars, trial software, etc.

Sun Java updates installing toolbars, Adobe doing toolbars, even FoxIT installed some toolbars (even after I said no) with the last update.

If not a toolbar, then a $^@...# "download manager".  Adobe has one that insists on being installed (which had its own set of exploits already).  Even Cisco's support site wants to install a 47-click java applet to get an IOS update these days.

I'd like to set the wayback machine for the non-web-2.0, straightforward command line days :-)

Jeff

-----Original Message-----
From: Christian Sciberras <uuf6429@...il.com>

I think Universities should rethink their Software Development courses...

Valdis has got a very strong point. Here's my own. I got Safari to test
websites I develop.
Apple seems to think that during a recommended/critical Safari update, I
should be installing iTunes.
Oh, and surprise, with iTunes you get a couple of Apple Sync'ing services,
not to mention some hidden server.
It isn't *just* Apple, it's Linux, Microsoft and just about any other
company.
Microsoft forces you to get Desktop search (and turn on the indexing
service, which has its own set of exploits and slows the computer down *a
lot*).

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
