Re: Another Scripting Hole In Microsoft IE Exposes Local Files

From: Alun Jones (alun@texis.com)
Date: 01/07/02

• Next message: Jo: "Organization Wide Security Certs"
• Previous message: JWMeritt: "Article: Tiny Slices Of Opportunity for Jobless Techies (washingtonpost.com)"
• In reply to: Walter Dnes: "Re: Another Scripting Hole In Microsoft IE Exposes Local Files"
• Next in thread: Jerry Leslie: "Re: Another Scripting Hole In Microsoft IE Exposes Local Files"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: alun@texis.com (Alun Jones)
Date: Mon, 07 Jan 2002 14:58:50 GMT

In article <a1b70d$tqc$1@news.tht.net>, waltdnes@waltdnes.org wrote:
>On 4 Jan 2002 18:47:24 GMT, Bernd Eckenfels, <usenet2001-12@lina.inka.de>
> wrote:
>
>> sure, but if i compromise opera, I do have the same rights to
>> do malicious stuff like i would had, if i compromise IE. Same
>> is true for netscape.
>
> When NIMDA was running rampant, it infected many victims *WHO MERELY
>VIEWED AN INFECTED WEBPAGE*. How many such problems has Netscape had ?

Again, the discussion is not concerning past compromises, but the ability of a
future compromise in either browser to do the same thing. Assuming that your
browser gets compromised, in other words, it doesn't matter which browser you
have. That argument is not negated by saying "but IE has had more compromises
in the past". We all _know_ that IE has had more compromises. The point
being addressed is that an IE compromise is no more destructive to an IE user
than a Netscape compromise is to a Netscape user.

Alun.
~~~~

[Note that answers to questions in newsgroups are not generally
invitations to contact me personally for help in the future.]

-- 
Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place   | http://www.wftpd.com or email alun@texis.com
Cedar Park TX 78613-1419  | VISA/MC accepted.  NT-based sites, be sure to
Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for NT.

---

• Next message: Jo: "Organization Wide Security Certs"
• Previous message: JWMeritt: "Article: Tiny Slices Of Opportunity for Jobless Techies (washingtonpost.com)"
• In reply to: Walter Dnes: "Re: Another Scripting Hole In Microsoft IE Exposes Local Files"
• Next in thread: Jerry Leslie: "Re: Another Scripting Hole In Microsoft IE Exposes Local Files"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Root toolkits on Windows ... There are a number security issues with NTFS. ... but this class of tools is by no means a new threat. ... compromise, and how to respond when an exploit occurs. ... Currently the web browser is the #1 tool for exploitation. ... (alt.computer.security) Re: IE 6 and Outlook Express Terminally Compromised??? ... The patches are useless (in most ... > I'm not sure if it ends just in the IE 6 browser; ... > Microsoft needs to reconstruct the ENTIRE IE 6 browser, ... > should be aware of a potential OS Kernel Compromise, ... (microsoft.public.windows.inetexplorer.ie6.browser) [Full-disclosure] 0DAY: QuickTime pwns Firefox ... result of this vulnerability can lead to full compromise of the ... browser and maybe even the underlaying operating system. ... In practice I can do anything with the browser, ... (Full-Disclosure)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)