Re: [Full-Disclosure] Interesting side effect of the new IE patch
From: Daniele Muscetta (daniele_at_muscetta.com)
Date: 02/05/04
- Previous message: SGI Security Coordinator: "IRIX userland binary vulnerabilities update"
- In reply to: Stefan Esser: "Re: [Full-Disclosure] Interesting side effect of the new IE patch"
- Next in thread: InCisT: "Re: [Full-Disclosure] Interesting side effect of the new IE patch"
- Reply: InCisT: "Re: [Full-Disclosure] Interesting side effect of the new IE patch"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <s.esser@e-matters.de> Date: Thu, 5 Feb 2004 20:54:19 +0100 (CET)
Stefan Esser said:
> Hello,
>
>> FIAT (the famous Italian CAR producer) invested quite an amount of
>> money and effort in lauching the promotional site:
>> http://www.buy@fiat.com
>>
>> ....I think they must not be very happy now..... :(
>
> Of course they are not happy now. Like a lot of other people who relied
> on this standard. It is really sad, that Microsoft removes features
> because they are to lazy to think up other solutions.
They are just RUSHING to close as may bugs as possible.... and as always
happens when fixing things afterwards intead of designing them in from the
beginning, things either break, or settings that get closed have to be
re-opened again.
Another issue I personally encountered some days ago was an application
which all of a sudden stopped working after having applied SP4 (on a
windows 2000 server), because of the NEW user rights they introduced:
http://support.microsoft.com/default.aspx?kbid=821546
which might have been nice to have from the beginning, so that people
would have not written applications that require that right in the first
place.Now, while waiting for a new version of that application to be released
(if and when this is going to happen)... all one has to do is to
EXPLICITLY GRANT that right to all of the users on that machine.....
practically reverting the machine to the inseure setting it had before
SP4.
Same applies for the 'security enhanced configuration' of IExplore in
Windows 2003.... which is SO tight that not even their own windowsupdate
works..... which results in people uninstalling it....
> (Oh yeah and this is not a Microsoft only problem, or why do f.e.
> openssh/openssl allow RSA keys without passphrases?)
Indeed.
But it is the continuos struggle between security and usability....
> Ohh yes and I choose the word standard, because standard is not what
> some RFC/paper dictates, but what the majority of people (or browsers)
> use (support). NTSC would not exist otherwise, because NTSC was NOT the
> official standard for color television in the beginning.
I don't know, we have PAL ;)
Regards,
Daniele Muscetta
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: SGI Security Coordinator: "IRIX userland binary vulnerabilities update"
- In reply to: Stefan Esser: "Re: [Full-Disclosure] Interesting side effect of the new IE patch"
- Next in thread: InCisT: "Re: [Full-Disclosure] Interesting side effect of the new IE patch"
- Reply: InCisT: "Re: [Full-Disclosure] Interesting side effect of the new IE patch"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
