
Gordon 10-23-2004 04:07 AM

The hounds are after the fox. Great stuff
 
There is a link off the mozilla.org page

http://www.mozillazine.org/talkback.html?article=5404

Quote In part

Mozilla and Other Browsers Vulnerable to Tabbed Browsing Spoofing Attack
Wednesday October 20th, 2004

Secunia has issued an advisory regarding tabbed browsing spoofing
vulnerabilities in the Mozilla series of browsers. One spoof involves
persuading the user to open a link to a trusted site in a new tab and then
opening a JavaScript input box that appears to come from the trusted site
when it actually sends its data back to the trickster. Another flaw again
requires the user to open a link to a trusted site in a new tab, though
this time the spoofer uses JavaScript to continually move focus back to a
form field on the malicious page without causing the active tab to change
from the trusted site. This means that a user who tries to enter form data
on the trusted page will instead be passing information to the attacker.
Slashdot has an article about this latest spoofing flaw, which also covers
other browser holes published by Secunia today. According to Secunia's
original tabbed browsing vulnerability advisory, the Mozilla Foundation
was informed on October 4th, sixteen days ago.

Unquote.

Now gentle people here is the "manufacturer" of a product saying look, our
product is not perfect.

If one reads between the lines it reads, people, we have a hole, let us
plug it. Ideas accepted.

MS would say privately, a hole, let us hope that no one finds out.

It is very good to see the many folks who see fit to attack Firefox, for
it shows

a) That Firefox is a force eating away at their wallet
b) The ignore you and then laugh at you phases are over before version 1
is released.
c) The consumer, and Internet security is about to be lifted.

NB MS is late again to the party and it is only because of an attack on
their wallet that they feel the need to respond.

Max Burke 10-23-2004 05:22 AM

Re: The hounds are after the fox. Great stuff
 
Gordon scribbled:

> There is a link off the mozilla.org page
>
> http://www.mozillazine.org/talkback.html?article=5404
>
> Quote In part
>
> Mozilla and Other Browsers Vulnerable to Tabbed Browsing Spoofing
> Attack Wednesday October 20th, 2004


Do you know about this recently discovered 'hole' in Mozilla browsers
running on many major versions of Linux?
http://www.securityfocus.com/bid/11440

Snip the usual crap....

ALL OS'es have bugs; ALL OS'es require patching. All software running on
ANY OS has bugs. It's NOT something that is unique to Microsoft and
windows. Why do so many 'advocates' for *nix/OSS want this fact to be a
'****ing contest' as some sort of 'advocacy' for *nix/OSS is for them to
justify and explain. I personally would prefer that they/you NOT use
nz.comp and nz.general to justify and explain why they/you need to behave
this way as a *nix/OSS user/advocate......

--
mlvburke@xxxxxxxx.nz
Replace the obvious with paradise.net to email me
Found Images
http://homepages.paradise.net.nz/~mlvburke


thing 10-23-2004 05:51 AM

Re: The hounds are after the fox. Great stuff
 
Max Burke wrote:
> Gordon scribbled:
>
>> There is a link off the mozilla.org page
>>
>> http://www.mozillazine.org/talkback.html?article=5404
>>
>> Quote In part
>>
>> Mozilla and Other Browsers Vulnerable to Tabbed Browsing Spoofing
>> Attack Wednesday October 20th, 2004

>
>
> Do you know about this recently discovered 'hole' in Mozilla browsers
> running on many major versions of Linux?
> http://www.securityfocus.com/bid/11440


Well we could start off with,

Just about all the old versions, RH8.0, long superseded....

RHAS2.1, while still supported/current old hat.

Mandrake 9.x, guess what we are on 10.0.

It's like saying win95/8 is vulnerable....

Mind you I suppose it's not a total list....

<shrug>

but there is an even more interesting one re: malformed inputs into most
non-IE browsers, now that looks nasty. It also rips into the comments
that Open source code is less vulnerable because many eyes can/have seen
it. I await with a great deal of interest the examination and reply to
this bug.

While a piece of nasty code might result in a single user on a
Unix/Linux box being compromised, it is highly unlikely that it is going
to be a root exploit. Though not impossible, such a situation on
Linux/Unix is rare, a successful exploit tends to show less absolute
damage than a similar one on MS OS.....

>
> Snip the usual crap....
>
> ALL OS'es have bugs; ALL OS'es require patching. All software running
> on ANY OS has bugs. It's NOT something that is unique to Microsoft and
> windows. Why do so many 'advocates' for *nix/OSS want this fact to be a
> '****ing contest' as some sort of 'advocacy' for *nix/OSS is for them to
> justify and explain. I personally would prefer that they/you NOT use
> nz.comp and nz.general to justify and explain why they/you need to
> behave this way as a *nix/OSS user/advocate......


Maybe we are getting frustrated with dealing with yet another zero MS
virus getting into our networks. Or getting up early to patch yet more
critical vulnerabilities on MS boxes when we are nervous that applying
the patch is going to munt the boxes, necessitating a rebuild and tape
restore.

Note I work on tru64, Solaris, Linux, BSD and Windows, Windows simply
causes me/us more pain than any of the rest combined.

Now the interesting questions are,

1) At what point does the pain get so bad MS gets ripped out?
2) Once we have a significant Linux global eco-system whether the pain
will be as bad putting us back to square one?

Although MS claims MS is targeted because it is more popular, and it
would be as bad on Linux I have yet to see anything
quantifiable/tangible supporting that contention bar wishful thinking.

regards

Thing

Max Burke 10-23-2004 09:09 AM

Re: The hounds are after the fox. Great stuff
 
> thing scribbled:

>>Max Burke wrote:


>>> Gordon scribbled:


>>> There is a link off the mozilla.org page
>>> http://www.mozillazine.org/talkback.html?article=5404
>>> Quote In part
>>> Mozilla and Other Browsers Vulnerable to Tabbed Browsing Spoofing
>>> Attack Wednesday October 20th, 2004


>> Do you know about this recently discovered 'hole' in Mozilla browsers
>> running on many major versions of Linux?
>> http://www.securityfocus.com/bid/11440


> Well we could start off with,
> Just about all the old versions, RH8.0, long superseded....
> RHAS2.1, while still supported/current old hat.
> Mandrake 9.x, guess what we are on 10.0.
> It's like saying win95/8 is vulnerable....


Are you REALLY claiming that every Mozilla user is using the latest version?
REALLY?

> Maybe we are getting frustrated with dealing with yet another zero MS
> virus getting into our networks.


If they ARE getting on to your network then I could suggest you're not doing
your job very well....

> Or getting up early to patch yet more
> critical vulnerabilities on MS boxes when we are nervous that applying
> the patch is going to munt the boxes, necessitating a rebuild and tape
> restore.


Well if I was to follow the criteria you apparently chose to follow [above]
then I wouldn't let any opensource OS or software on any of my computers.

I subscribe to several security email lists, and have several Linux/OSS
websites in my favourites list.
Going by what I read there I get daily security email lists about Windows,
*nix, etc and nearly those list far more *nix and OSS bugs than Microsoft
bugs...
Using *nix and OSS software requires almost DAILY updates and patches to fix
these numerous bugs and fixes....

How do YOU keep up with them all??????

ALL OS'es have bugs; ALL OS'es require patching. All software running on
ANY OS has bugs. It's NOT something that is unique to Microsoft and
windows. Why do so many 'advocates' for *nix/OSS want this fact to be a
'****ing contest' as some sort of 'advocacy' for *nix/OSS is for them to
justify and explain. I personally would prefer that they/you NOT use
nz.comp and nz.general to justify and explain why they/you need to behave
this way as a *nix/OSS user/advocate......

--
mlvburke@xxxxxxxx.nz
Replace the obvious with paradise.net to email me
Found Images
http://homepages.paradise.net.nz/~mlvburke


nick 10-23-2004 10:12 AM

Re: The hounds are after the fox. Great stuff
 

"Max Burke" <mlvburke@xxxxxxxxx.nz> wrote in message
news:odped.13548$mZ2.804418@news02.tsnz.net...
>
> How do YOU keep up with them all??????
>


You only have to keep up with the ones you use.
Windows Update only does basic stuff.
Most linux distros can update every installed application with a single
command.



Peter Ashby 10-23-2004 05:17 PM

Re: The hounds are after the fox. Great stuff
 
Max Burke <mlvburke@xxxxxxxxx.nz> wrote:

> Gordon scribbled:
>
> > There is a link off the mozilla.org page
> >
> > http://www.mozillazine.org/talkback.html?article=5404
> >
> > Quote In part
> >
> > Mozilla and Other Browsers Vulnerable to Tabbed Browsing Spoofing
> > Attack Wednesday October 20th, 2004

>
> Do you know about this recently discovered 'hole' in Mozilla browsers
> running on many major versions of Linux?
> http://www.securityfocus.com/bid/11440
>
> Snip the usual crap....
>
> ALL OS'es have bugs; ALL OS'es require patching. All software running on
> ANY OS has bugs. It's NOT something that is unique to Microsoft and
> windows. Why do so many 'advocates' for *nix/OSS want this fact to be a
> '****ing contest' as some sort of 'advocacy' for *nix/OSS is for them to
> justify and explain. I personally would prefer that they/you NOT use
> nz.comp and nz.general to justify and explain why they/you need to behave
> this way as a *nix/OSS user/advocate......


Of course instead of missing the point you could realise the point was
not the existence of bugs but how different companies/organisations deal
with them. But putting up strawman arguments instead are so much easier
aren't they?

Peter
--
Add my middle initial to email me. It has become attached to a country

Allistar 10-23-2004 08:02 PM

Re: The hounds are after the fox. Great stuff
 
Max Burke wrote:

>> thing scribbled:


[snip]

> I subscribe to several security email lists, and have several Linux/OSS
> websites in my favourites list.
> Going by what I read there I get daily security email lists about
> Windows,
> *nix, etc and nearly those list far more *nix and OSS bugs than Microsoft
> bugs...
> Using *nix and OSS software requires almost DAILY updates and patches to
> fix these numerous bugs and fixes....
>
> How do YOU keep up with them all??????


emerge sync && emerge -pv world

Allistar.

Max Burke 10-23-2004 09:54 PM

Re: The hounds are after the fox. Great stuff
 
> nick scribbled:

>> Max Burke wrote:


>> How do YOU keep up with them all??????


> You only have to keep up with the ones you use.
> Windows Update only does basic stuff.


I didn't ask WHAT you had to keep up with......

> Most linux distros can update every installed application with a
> single command.


Every day?

--
mlvburke@xxxxxxxx.nz
Replace the obvious with paradise.net to email me
Found Images
http://homepages.paradise.net.nz/~mlvburke

Max Burke 10-23-2004 09:56 PM

Re: The hounds are after the fox. Great stuff
 
> Peter Ashby scribbled:

>> Max Burke wrote:


>> Gordon scribbled:


> There is a link off the mozilla.org page
> http://www.mozillazine.org/talkback.html?article=5404
> Quote In part
> Mozilla and Other Browsers Vulnerable to Tabbed Browsing Spoofing
> Attack Wednesday October 20th, 2004


>> Do you know about this recently discovered 'hole' in Mozilla browsers
>> running on many major versions of Linux?
>> http://www.securityfocus.com/bid/11440
>> Snip the usual crap....
>> ALL OS'es have bugs; ALL OS'es require patching. All software
>> running on ANY OS has bugs. It's NOT something that is unique to
>> Microsoft and windows. Why do so many 'advocates' for *nix/OSS want
>> this fact to be a '****ing contest' as some sort of 'advocacy' for
>> *nix/OSS is for them to justify and explain. I personally would
>> prefer that they/you NOT use nz.comp and nz.general to justify and
>> explain why they/you need to behave this way as a *nix/OSS
>> user/advocate......


> Of course instead of missing the point you could realise the point was
> not the existence of bugs but how different companies/organisations
> deal with them.


No Peter, Gordon's post was just another Microsoft bashing post.
Funny how you deliberately ignored that....

--
mlvburke@xxxxxxxx.nz
Replace the obvious with paradise.net to email me
Found Images
http://homepages.paradise.net.nz/~mlvburke

Max Burke 10-23-2004 09:59 PM

Re: The hounds are after the fox. Great stuff
 
> Allistar scribbled:

>> Max Burke wrote:
>> I subscribe to several security email lists, and have several
>> Linux/OSS websites in my favourites list.
>> Going by what I read there I get daily security email lists about
>> Windows,
>> *nix, etc and nearly those list far more *nix and OSS bugs than
>> Microsoft bugs...
>> Using *nix and OSS software requires almost DAILY updates and
>> patches to fix these numerous bugs and fixes....
>> How do YOU keep up with them all??????


> emerge sync && emerge -pv world



Every day?
And how do you know what it's installing, what it's fixing, if it actually
fixes the bugs, that it's compatible, that it won't cause problems for
yourself or your users...
It's not a very 'safe' way to keep up to date is it....

--
mlvburke@xxxxxxxx.nz
Replace the obvious with paradise.net to email me
Found Images
http://homepages.paradise.net.nz/~mlvburke


