Phishing vulnerability in Internet Explorer 7

Discussion in 'Computer Support' started by Au79, Mar 17, 2007.

  1. Au79

    Au79 Guest

    Au79, Mar 17, 2007
    #1
    1. Advertising

  2. Au79 wrote:
    > heise Security - London,UK
    >
    > ... Internet Explorer 7 under Vista and XP is affected. Until there is
    > a solution ...
    >
    > Switch to Firefox!


    I already have, but you are still an idiot.
     
    =?ISO-8859-1?Q?R=F4g=EAr?=, Mar 17, 2007
    #2
    1. Advertising

  3. Au79

    Fuzzy Logic Guest

    Au79 <> wrote in news:ZMIKh.2248$:

    > heise Security - London,UK
    >
    > ... Internet Explorer 7 under Vista and XP is affected. Until there is
    > a solution ...
    >
    > Switch to Firefox!
    >
    ><http://www.heise-security.co.uk/news/86851>
    >


    Switching is NOT a solution to security. Learning the security basics is. Firefox has recently been updated to
    address it's many security issues:

    http://www.mozilla.org/projects/security/known-vulnerabilities.html

    No browser is 100% safe so find a browser YOU like, learn and use it's security features, keep it and your OS
    patched and practice safe computing and you are likely as safe as you can be.
     
    Fuzzy Logic, Mar 20, 2007
    #3
  4. Au79

    Au79 Guest

    Fuzzy Logic wrote:

    > Au79 <> wrote in news:ZMIKh.2248$:
    >
    >> heise Security - London,UK
    >>
    >> ... Internet Explorer 7 under Vista and XP is affected. Until there is
    >> a solution ...
    >>
    >> Switch to Firefox!
    >>
    >><http://www.heise-security.co.uk/news/86851>
    >>

    >
    > Switching is NOT a solution to security.


    Yes it is.

    As a consumer, I want the most secure product available. IE is a grab-bag of
    bugs and holes.


    > Learning the security basics is.


    Part of learning the basics of good security is knowing what products are
    more secure by design. Clearly Firefox is MORE secure than IE6-7.

    > Firefox has recently been updated to address it's many security issues:
    >
    > http://www.mozilla.org/projects/security/known-vulnerabilities.html
    >


    Good, all the more reason to switch. In the mean time IE has not been
    patched.

    > No browser is 100% safe


    But some ARE safer than others. Select wisely.

    > so find a browser YOU like


    Funny thing, IE7 ripped off just about all the features of Firefox 1.0 but I
    still like Firefox better.

    > , learn and use it's
    > security features, keep it and your OS patched and practice safe computing
    > and you are likely as safe as you can be.


    You are not as secure as you can be with windos and IE.

    --
    ....................
    http://www.vanwensveen.nl/rants/microsoft/IhateMS.html
    http://rixstep.com/1/20040719,00.shtml
    http://free.thelinuxstore.ca/
     
    Au79, Mar 21, 2007
    #4
  5. Au79

    Fuzzy Logic Guest

    Au79 <> wrote in news:S6dMh.3035$:

    > Fuzzy Logic wrote:
    >
    >> Au79 <> wrote in news:ZMIKh.2248$:
    >>
    >>> heise Security - London,UK
    >>>
    >>> ... Internet Explorer 7 under Vista and XP is affected. Until there is
    >>> a solution ...
    >>>
    >>> Switch to Firefox!
    >>>
    >>><http://www.heise-security.co.uk/news/86851>
    >>>

    >>
    >> Switching is NOT a solution to security.

    >
    > Yes it is.
    >
    > As a consumer, I want the most secure product available. IE is a
    > grab-bag of bugs and holes.


    As a consumer I want choices. I will choose a product that best meets MY needs. Security is only one of
    many requirements in a web browser. FWIW I don't use IE or FF as neither of them meet MY needs.

    >> Learning the security basics is.

    >
    > Part of learning the basics of good security is knowing what products
    > are more secure by design. Clearly Firefox is MORE secure than IE6-7.
    >
    >> Firefox has recently been updated to address it's many security issues:
    >>
    >> http://www.mozilla.org/projects/security/known-vulnerabilities.html
    >>

    > Good, all the more reason to switch. In the mean time IE has not been
    > patched.
    >
    >> No browser is 100% safe

    >
    > But some ARE safer than others. Select wisely.
    >
    >> so find a browser YOU like

    >
    > Funny thing, IE7 ripped off just about all the features of Firefox 1.0
    > but I still like Firefox better.


    And Firefox ripped of Opera.

    >> , learn and use it's
    >> security features, keep it and your OS patched and practice safe
    >> computing and you are likely as safe as you can be.

    >
    > You are not as secure as you can be with windos and IE.


    There are always tradeoffs between security and functionality. What's best for you may be useless to me
    and vice versa.

    If we were to say that Firefox is 98.5% secure and IE is 97.5% secure but renders all the pages that I visit
    properly and I don't need to install any software and if I can avoid the 2.5% of bad things by simply
    practicing safe surfing why should I used Firefox?
     
    Fuzzy Logic, Mar 21, 2007
    #5
  6. Au79

    Au79 Guest

    Fuzzy Logic wrote:

    > Au79 <> wrote in news:S6dMh.3035$:
    >
    >> Fuzzy Logic wrote:
    >>
    >>> Au79 <> wrote in news:ZMIKh.2248$:
    >>>
    >>>> heise Security - London,UK
    >>>>
    >>>> ... Internet Explorer 7 under Vista and XP is affected. Until there is
    >>>> a solution ...
    >>>>
    >>>> Switch to Firefox!
    >>>>
    >>>><http://www.heise-security.co.uk/news/86851>
    >>>>
    >>>
    >>> Switching is NOT a solution to security.

    >>
    >> Yes it is.
    >>
    >> As a consumer, I want the most secure product available. IE is a
    >> grab-bag of bugs and holes.

    >
    > As a consumer I want choices. I will choose a product that best meets MY
    > needs. Security is only one of many requirements in a web browser. FWIW I
    > don't use IE or FF as neither of them meet MY needs.
    >
    >>> Learning the security basics is.

    >>
    >> Part of learning the basics of good security is knowing what products
    >> are more secure by design. Clearly Firefox is MORE secure than IE6-7.
    >>
    >>> Firefox has recently been updated to address it's many security issues:
    >>>
    >>> http://www.mozilla.org/projects/security/known-vulnerabilities.html
    >>>

    >> Good, all the more reason to switch. In the mean time IE has not been
    >> patched.
    >>
    >>> No browser is 100% safe

    >>
    >> But some ARE safer than others. Select wisely.
    >>
    >>> so find a browser YOU like

    >>
    >> Funny thing, IE7 ripped off just about all the features of Firefox 1.0
    >> but I still like Firefox better.

    >
    > And Firefox ripped of Opera.
    >
    >>> , learn and use it's
    >>> security features, keep it and your OS patched and practice safe
    >>> computing and you are likely as safe as you can be.

    >>
    >> You are not as secure as you can be with windos and IE.

    >
    > There are always tradeoffs between security and functionality. What's best
    > for you may be useless to me and vice versa.
    >
    > If we were to say that Firefox is 98.5% secure and IE is 97.5%


    To insinuate that Firefox is only slightly more secure is missleading, I
    understand that these are only hypothetical numbers and that you are a big
    microserv, but lets not give the wrong impression. We can say that Firefox
    advantages over IE can be quantified and be considered significant.

    > secure but
    > renders all the pages that I visit properly


    Any page that is W3C standards compliant will render properly. Pages
    designed with proprietary IE extentions should be considered suspect and
    not worth the risk.

    > and I don't need to install
    > any software and if I can avoid the 2.5% of bad things by simply
    > practicing safe surfing why should I used Firefox?


    2.5%?? Boy are you a dreamer.

    --
    ....................
    http://www.vanwensveen.nl/rants/microsoft/IhateMS.html
    http://rixstep.com/1/20040719,00.shtml
    http://free.thelinuxstore.ca/
     
    Au79, Mar 22, 2007
    #6
  7. Au79

    Fuzzy Logic Guest

    Au79 <> wrote in news:QSmMh.3132$:

    > Fuzzy Logic wrote:
    >
    >> Au79 <> wrote in news:S6dMh.3035$:
    >>
    >>> Fuzzy Logic wrote:
    >>>
    >>>> Au79 <> wrote in news:ZMIKh.2248$:
    >>>>
    >>>>> heise Security - London,UK
    >>>>>
    >>>>> ... Internet Explorer 7 under Vista and XP is affected. Until there is
    >>>>> a solution ...
    >>>>>
    >>>>> Switch to Firefox!
    >>>>>
    >>>>><http://www.heise-security.co.uk/news/86851>
    >>>>>
    >>>>
    >>>> Switching is NOT a solution to security.
    >>>
    >>> Yes it is.
    >>>
    >>> As a consumer, I want the most secure product available. IE is a
    >>> grab-bag of bugs and holes.

    >>
    >> As a consumer I want choices. I will choose a product that best meets MY
    >> needs. Security is only one of many requirements in a web browser. FWIW I
    >> don't use IE or FF as neither of them meet MY needs.
    >>
    >>>> Learning the security basics is.
    >>>
    >>> Part of learning the basics of good security is knowing what products
    >>> are more secure by design. Clearly Firefox is MORE secure than IE6-7.


    For an interesting read:

    http://en.wikipedia.org/wiki/Computer_security

    I love this quote:

    The early Multics operating system was notable for its early emphasis on computer security by design, and
    Multics was possibly the very first operating system to be designed as a secure system from the ground up. In
    spite of this, Multics' security was broken, not once, but repeatedly.

    >>>> Firefox has recently been updated to address it's many security issues:
    >>>>
    >>>> http://www.mozilla.org/projects/security/known-vulnerabilities.html
    >>>>
    >>> Good, all the more reason to switch. In the mean time IE has not been
    >>> patched.
    >>>
    >>>> No browser is 100% safe
    >>>
    >>> But some ARE safer than others. Select wisely.
    >>>
    >>>> so find a browser YOU like
    >>>
    >>> Funny thing, IE7 ripped off just about all the features of Firefox 1.0
    >>> but I still like Firefox better.

    >>
    >> And Firefox ripped of Opera.
    >>
    >>>> , learn and use it's
    >>>> security features, keep it and your OS patched and practice safe
    >>>> computing and you are likely as safe as you can be.
    >>>
    >>> You are not as secure as you can be with windos and IE.

    >>
    >> There are always tradeoffs between security and functionality. What's best
    >> for you may be useless to me and vice versa.
    >>
    >> If we were to say that Firefox is 98.5% secure and IE is 97.5%

    >
    > To insinuate that Firefox is only slightly more secure is missleading, I
    > understand that these are only hypothetical numbers and that you are a big
    > microserv, but lets not give the wrong impression. We can say that Firefox
    > advantages over IE can be quantified and be considered significant.


    Not even Window Snyder (head of security at Mozilla) will state that Firefox is 'more secure' than IE:

    Is Firefox more secure than Microsoft's Internet Explorer?

    Snyder: This gets into how you measure security. I think one of the most important metrics of security is days
    of risk: How long does it take for a vendor to get a patch out to its customers? Then, once the patch is
    available, how long does it take to deploy it?

    I think Mozilla has made the number of days between the time a vulnerability is identified and a patch is available
    incredibly small, and it is shrinking.

    Source <http://news.com.com/2102-7355_3-6117896.html?tag=st.util.print>

    Whenever I see 'more secure' I think marketing ploy. Paranoia sells, especially since 9-11. It worked for George
    Bush and it also works for software companies. Unfortunately it's very difficult to quantify security. There are
    numerous metrics but in the end they don't mean much. This is similar to the days when stereos were sold
    based on how many watts they produced. While this is important to a minor degree it has very little to do with
    how well the amplifier will sound. Why would you buy an amplifier that made 60 watts when for the same price
    you could get one that made 100 watts? Then there is the fiasco with the kryptonite bike locks that were
    obviously 'more secure' until someone found a simple hack they suddenly transformed them into junk
    (reference <http://www.wired.com/news/culture/0,1284,64987,00.html>). Simply installing one bad extension
    in Firefox can defeat any security that the browser has as there is zero validation for Firefox extensions
    (references <http://news.zdnet.co.uk/security/0,1000000189,39210075,00.htm>
    <http://www.rietta.com/firefox/Tutorial/security.html>)

    So I agree with Window that it's very difficult to say which is 'more secure'. Browser security (as well as OS
    security) is a moving target as flaws are discovered and patched and if you bring in other factors to the mix
    (extensions, OS version and patch level) it's very difficult to say at any given time which is 'more secure'. On
    top of this almost all security can be rendered useless with a little social engineering. So ulitimately your
    security depends more on you than the software you use.

    Here are some interesting metrics from Symantic's most recent Internet Security Threat Report:

    Between January 1 and June 30, 2006, the home user sector was the most highly targeted sector, accounting
    for 86% of all targeted attacks. As computers in the home users sector are less likely to have well established
    security measures and practices in place than other sectors, they are much more vulnerable to targeted
    attacks.

    Mozilla browsers had the most vulnerabilities, 47, compared to 38 in Microsoft Internet Explorer.

    Internet Explorer had an average window of exposure of nine days, the largest of any Web browser. Apple
    Safari averaged five days, followed by Opera with two days and Mozilla with one day.

    Source <http://www.symantec.com/enterprise/theme.jsp?themeid=threatreport>

    If we were to use just one metric to say which browser is 'more secure' and we choose number of
    vulnerabilities IE is more secure. If we choose days of exposure it would be FF. IMO they are both very secure
    and what ulitimately makes one 'more secure' over the other is the user. If they keep their systems patched and
    practice safe computing they are likely as secure as they can be. That's why Symantec talks about security
    measures and practices as the major factor affecting home users and not the software they use. So once
    again I saying switching browsers/OS's will NOT help these people. They need to learn the basics of security
    first.

    >> secure but
    >> renders all the pages that I visit properly

    >
    > Any page that is W3C standards compliant will render properly. Pages
    > designed with proprietary IE extentions should be considered suspect and
    > not worth the risk.


    That's one way to look at it. In the real world many of these are valid business sites that people need to use on
    a regular basis.

    >> and I don't need to install
    >> any software and if I can avoid the 2.5% of bad things by simply
    >> practicing safe surfing why should I used Firefox?

    >
    > 2.5%?? Boy are you a dreamer.


    Since I started with fictional numbers of 98.5% for FF and 97.5% for IE the left over for IE is 2.5%. It's just math.
     
    Fuzzy Logic, Mar 22, 2007
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Tony Raven

    Firefox Phishing vulnerability

    Tony Raven, Jan 7, 2005, in forum: Firefox
    Replies:
    1
    Views:
    479
    Michel Doucet
    Jan 7, 2005
  2. Imhotep
    Replies:
    6
    Views:
    605
    Imhotep
    Dec 21, 2005
  3. Imhotep
    Replies:
    16
    Views:
    1,156
    Imhotep
    Jun 3, 2006
  4. Imhotep
    Replies:
    0
    Views:
    474
    Imhotep
    May 27, 2006
  5. Imhotep
    Replies:
    0
    Views:
    508
    Imhotep
    Jun 3, 2006
Loading...

Share This Page