lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 09 Apr 2010 11:07:22 -0400 From: "Jeff Kell" <Jeff-Kell@....edu> To: uuf6429@...il.com Cc: full-disclosure@...ts.grok.org.uk, mustlive@...security.com.ua, Valdis.Kletnieks@...edu Subject: Re: Vulnerabilities in phpCOIN Amen to that. Everything seems to be delivered for installation and even increasingly with *each* update, carrying various "hitch hiker" applications... toolbars, trial software, etc. Sun Java updates installing toolbars, Adobe doing toolbars, even FoxIT installed some toolbars (even after I said no) with the last update. If not a toolbar, then a $^@...# "download manager". Adobe has one that insists on being installed (which had it's own set of exploits already). Even Cisco's support site wants to install a 47-click java applet to get an IOS update these days. I'd like to set the wayback machine for the non-web-2.0, straightforward command line days :-) Jeff -----Original Message----- From: Christian Sciberras <uuf6429@...il.com> I think Universities should rethink their Software Development courses... Valdis has got a very strong point. Here's my own. I got Safari to test websites I develop. Apple seems to think that during a recommended/critical Safari update, I should be installing iTunes. Oh, and surprise, with iTunes you get a couple of Apple Sync'ing services, not to mention some hidden server. It isn't *just* Apple, it's Linux, Microsoft and just about any other company. Microsoft forces you to get Desktop search (and turn on the indexing service, which has its own set of exploits and slows the computer down *a lot*). _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists