Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-Disclosure] IE Web Browser: "Sitting Duck"

from [Georgi Guninski] Network Security [Permanent Link]
Subject: Re: [Full-Disclosure] IE Web Browser: "Sitting Duck"
Date: Wed, 30 Jun 2004 12:46:13 +0300 
since CERT are "federally funded" does their advise mean it is "un-American"
to use internet explorer?

georgi

On Tue, Jun 29, 2004 at 09:25:32AM -0500, Edge, Ronald D wrote:

Even CERT has issued an advisory that is really quite amazing in its
bluntness:
      http://www.kb.cert.org/vuls/id/713878
which was last updated June 25, 2004 in the wake of the download.ject
attack by what appears to have been Russian criminal gangs out of a web
site now shut down in Russia.

"Use a different web browser"
"There are a number of significant vulnerabilities in technologies
relating to the IE domain/zone security model, the DHTML object model,
MIME type determination, and ActiveX. It is possible to reduce exposure
to these vulnerabilities by using a different web browser, especially
when browsing untrusted sites. Such a decision may, however, reduce the
functionality of sites that require IE-specific features such as DHTML,
VBScript, and ActiveX. Note that using a different web browser will not
remove IE from a Windows system, and other programs may invoke IE, the
WebBrowser ActiveX control, or the HTML rendering engine (MSHTML). "
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-Disclosure] PIX vs CheckPoint, Cyril Guibourg
Next by Date:  Re: [Full-Disclosure] Tools for checking for presence of adware remotely, Harlan Carvey
Previous by Thread:  [Full-Disclosure] IE Web Browser: "Sitting Duck", Edge, Ronald D
Next by Thread:  [Full-Disclosure] SSH vs. TLS, dante
Indexes:  [Date] [Thread] [Top] [All Lists]