Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Full-Disclosure] (IE/SCOB) Switching Software Because of Bugs: Some

from [Drew Copley] Network Security [Permanent Link]
Subject: RE: [Full-Disclosure] (IE/SCOB) Switching Software Because of Bugs: Some Facts About Software and Security bugs
Date: Wed, 30 Jun 2004 15:28:24 -0700 
Look, it was a long paper, and some people may get the
wrong idea about what I am saying, so let me briefly note:

-> You probably should change browsers because of the way
Microsoft is fixing their bugs right now
-> All applications have bugs, yes, Internet Explorer has
a huge "landscape", but so does Mozilla, remember
-> All I am saying is: Don't think other software is
secure just because its' competition had bugs found in
it. 

I often see people recommending this when large bugs
are found in competing software. It totally bypasses
the fact that people find these bugs, the software does
not make it easy. It may appear easy to find these bugs,
the researchers may make it look easy: but, why then can
not anyone else find them.

The researchers should get some credit, even if they
tend to not give themselves any.

The whole concept of bugfinding as the core of security
is completely removed from the public's understanding
of research. When they do think of a "hacker", they think
of script kiddies that run things others made.

That is my motivation for saying these things. Educational
references. 


-----Original Message-----
From: Ron DuFresne [mailto:dufresne@winternet.com] 
Sent: Wednesday, June 30, 2004 3:14 PM
To: Drew Copley
Cc: ntbugtraq@listserv.ntbugtraq.com; 
bugtraq@securityfocus.com; full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] (IE/SCOB) Switching Software 
Because of Bugs: Some Facts About Software and Security bugs



The mere fact that mozilla or firefox or netscape are not 
core components
of the windows OS is actuallky reason enough to choose to change
browsers, despite the bad hype and bug researchers with a 
thing against m$
and all the rest of the gunk.

Thanks,


Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
      ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-Disclosure] (IE/SCOB) Switching Software Because of Bugs: Some Facts About Software and Security bugs, Ron DuFresne
Next by Date:  [Full-Disclosure] Misinformation on Scob/aaMSJect Corraaected, Drew Copley
Previous by Thread:  RE: [Full-Disclosure] (IE/SCOB) Switching Software Because of Bugs: Some Facts About Software and Security bugs, Drew Copley
Next by Thread:  RE: [Full-Disclosure] (IE/SCOB) Switching Software Because of Bugs: Some Facts About Software and Security bugs, Drew Copley
Indexes:  [Date] [Thread] [Top] [All Lists]