RE: [Full-Disclosure] IE is just as safe as FireFox

From: Todd Towles (toddtowles_at_brookshires.com)
Date: 11/12/04

  • Next message: Todd Towles: "RE: [Full-Disclosure] dab@heise.de"
    To: "Rafel Ivgi, The-Insider" <theinsider@012.net.il>, <full-disclosure@lists.netsys.com>, <Colin.Scott@csplc.com>
    Date: Fri, 12 Nov 2004 09:09:50 -0600
    
    

    He can buy a product..or do a super fast rollout of SP2..but why should
    he? Microsoft should write better products...period. Everytime a Firefox
    exploit comes out..there is already a fix...is that magic? No..it is
    good coding...

    > -----Original Message-----
    > From: full-disclosure-admin@lists.netsys.com
    > [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of
    > Rafel Ivgi, The-Insider
    > Sent: Friday, November 12, 2004 8:09 AM
    > To: full-disclosure@lists.netsys.com; Colin.Scott@csplc.com
    > Subject: Re: [Full-Disclosure] IE is just as safe as FireFox
    >
    > If you do have 14000 machines why don't you buy "Finjan's
    > Vital Security For Web"?
    > It will filter all malicious I.E exploits for all its
    > surfers(its a proxy, quite fast...)
    >
    > Or just use SUS(system update server (microsoft)) just like
    > any other administrator... to install sp2 or to just replace
    > the c:\windows\system32\shdocvw.dll with the patched one or
    > with sp2 one...
    >
    > Rafel Ivgi, The-Insider
    > Security Consultant
    > Malicious Code Research Center (MCRC)
    > Finjan Software LTD
    > E-mail: rivgi@Finjan.com
    > ---------------------------------
    > Prevention is the best cure!
    > ----- Original Message -----
    > From: <Colin.Scott@csplc.com>
    > To: <full-disclosure@lists.netsys.com>
    > Sent: Friday, November 12, 2004 12:46 PM
    > Subject: Re: [Full-Disclosure] IE is just as safe as FireFox
    >
    >
    > Oh yeah, I've got 14,000 Windows 2000 machines to update to
    > windows XP SP2,
    > hang on wheres that CD?
    >
    > So thanks for your infinate wisdom there Rafel.
    >
    > Colin.
    >
    >
    >
    >
    >
    >
    >
    >
    >
    >
    > "Rafel Ivgi,
    > The-Insider"
    > <theinsider@012.n To
    > et.il> <full-disclosure@lists.netsys.com>
    > Sent by: cc
    > full-disclosure-a
    > dmin@lists.netsys Subject
    > .com Re: [Full-Disclosure] IE is just as
    > safe as FireFox
    > 12/11/2004 06:44
    >
    >
    >
    > That is incorrect, there is a fix --> SP2.
    > Users should use the latest updated system, meaning if there
    > is an SP2,
    > they
    > should install it.
    >
    >
    > Rafel Ivgi, The-Insider
    > Security Consultant
    > Malicious Code Research Center (MCRC)
    > Finjan Software LTD
    > E-mail: rivgi@Finjan.com
    > ---------------------------------
    > Prevention is the best cure!
    > ----- Original Message -----
    > From: "Martin Mkrtchian" <dotsecure@gmail.com>
    > To: "Todd Towles" <toddtowles@brookshires.com>
    > Cc: "Mailing List - Full-Disclosure"
    > <full-disclosure@lists.netsys.com>;
    > <ring-of-fire@yahoogroups.com>
    > Sent: Friday, November 12, 2004 3:03 AM
    > Subject: Re: [Full-Disclosure] IE is just as safe as FireFox
    >
    >
    > > They should've at least released that statement after they
    > fixed the
    > > IE FRAME vulnerability. 0 day exploit is in the wild and no fix for
    > > it, yet they claim its secure enough.
    > >
    > > If the programmers are as smart as the company press
    > releasers, I can
    > > see why I.E. still sux.
    > >
    > >
    > > Martin
    > >
    > >
    > > On Thu, 11 Nov 2004 15:59:20 -0600, Todd Towles
    > > <toddtowles@brookshires.com> wrote:
    > >> Microsoft's security and mangement product manager (Ben English)
    > says...
    > >>
    > >> At a security roundtable discussion in Sydney on
    > Thursday, Ben English,
    > >> Microsoft's security and management product manager, told
    > attendees
    > that
    > >> IE undergoes "rigorous code reviews" and is no less
    > secure than any
    > >> other browser.
    > >>
    > >> "Because IE is ubiquitous, you hear a lot more about it,
    > but I don't
    > >> think that Internet Explorer is any less secure than any
    > other browser
    > >> out there," English said.
    > >>
    > >>
    > http://news.com.com/Microsoft+says+Firefox+not+a+threat+to+IE/
    > 2100-1032_
    > >> 3-5448719.html?part=dht&tag=ntop&tag=nl.e433
    > >>
    > >> Can anyone say IFRAME? Lol
    > >>
    > >> -Todd
    > >>
    > >> _______________________________________________
    > >> Full-Disclosure - We believe in it.
    > >> Charter: http://lists.netsys.com/full-disclosure-charter.html
    > >>
    > >
    > > _______________________________________________
    > > Full-Disclosure - We believe in it.
    > > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >
    >
    >
    >
    >
    >
    > **************************************************************
    > ************************
    >
    > This e-mail is confidential and may contain privileged
    > information. If you
    > are not the addressee or if you have received the e-mail in
    > error, it may
    > be unlawful for you to read, copy, distribute, disclose or
    > otherwise use the
    > information which it contains. Under these circumstances,
    > please notify
    > us immediately by returning this mail to
    > 'mailerror@csplc.com' and deleting
    > this e-mail from your system.
    >
    > Any views expressed by an individual within this e-mail do
    > not necessarily
    > reflect the views of Cadbury Schweppes Plc or its
    > subsidiaries. Cadbury
    > Schweppes Plc will not be bound by any agreement entered into
    > as a result
    > of this email, unless its intention is clearly evidenced in
    > the body of the
    > email.
    > Whilst we have taken reasonable steps to ensure that this e-mail and
    > attachments are free from viruses, recipients are advised to
    > subject this
    > mail
    > to their own virus checking, in keeping with good computing
    > practice. Please
    > note that email received by Cadbury Schweppes Plc or its
    > subsidiaries may be
    > monitored in accordance with the prevailing law in the United Kingdom.
    >
    > **************************************************************
    > ************************
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Todd Towles: "RE: [Full-Disclosure] dab@heise.de"