| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Firefox drawing fans away from Microsoft IE | |
|
||
| Time: 11:22 EST/16:22 GMT | News Source: CNET | Posted By: Robert Stein | ||
|
Open-source browsers Mozilla and Firefox have won over a significant number of defectors from Microsoft's Internet Explorer in the past nine months, Web site metrics suggest. The gains for Firefox, which was released in a version 1.0 preview on Tuesday, and for Mozilla are most noticeable at Web sites popular by geek-chic early adopters. For example, W3Schools.com, a Web development tutorial site found that Mozilla-based browsers were used by 18 percent of its visitors in September, up from 8 percent in January. Internet Explorer use dropped to 75 percent from 84 percent in the same period. | ||
|
Write Comment
Return to News |
Displaying 26 through 50 of 334 Prev | Last | Next |
The time now is
9:34:46 AM
ET.
Any comment problems? E-mail us |
| #26 By 23275 (68.17.42.38) at 9/19/2004 10:17:06 AM |
|
#44, No FUD - wish it were. Cleaning up rooted boxes is no joy and neither is patching a mix of systems - finding compatible RPM's is often challenging. None of the systems involved were used for anything but business and none were exposed to anything more than very careful administration - in fact, urgent recommendations to update SSH dating back to October of 2003 were in all but a few client cases, ignored. Arbitrary code execution and escalated permissions using exploits against SSH resulted in some real messes. Fully patched systems were fine, but did call into question the actual security present within OpenSSH and most especially Red Hat's implementation of it. It seems that a presumption that OpenSSH was secure, led to a near disastor. Again, careful inspections revealed the exploit and it was mitigated and then reversed. If it were the first time I might not be so concerned, but I have been encountering it with increasing regularity. So far, the exploit has been shown to impact Red Hat AS, Suse 7.1 to 7.3 and FreeBSD - pretty much any OpenSSH implementation before 3.7 and one even impacting 3.9 - for which there is no patch, but limiting out-bound access SSH to one or two locations and setting privsep to true seems to have helped. I am very reluctant to show exactly how it is done <the exploit> because it might be used by many to hurt even more people - I would however very strongly stress that admins carefully review
their use of OpenSSH and restrict access to it to a very few well known and fixed locations - especially controlling out-bound connections, too. The point is two-fold, we cannot assume anything is secure any more, and there are far more serious issues that warrant alarm than pre-XP SP2 IE vulnerabilities. So far, we have uncovered two groups distributing exploit code in closed circles - in apparent attempts to harvest large enterprise systems. From what we have seen, those that were going after W2K systems have moved on to some of the Linuces - where one would have seen ServU and Slave daemons running under an elevated user. |
| #27 By 16451 (65.19.17.157) at 9/19/2004 1:25:29 PM |
|
>>> BTW, has anyone tried Windows Update for Firefox yet?
It just launches IE. Yawn. >>> none were exposed to anything more than very careful administration - in fact, urgent recommendations to update SSH dating back to October of 2003 were in all but a few client cases, ignored. I always neglect patching my systems as part of a regiment of very careful administration. >>> From what we have seen, those that were going after W2K systems have moved on to some of the Linuces - where one would have seen ServU and Slave daemons running under an elevated user. ROTFL This post was edited by RH7.3 on Sunday, September 19, 2004 at 13:32. |
| #28 By 61 (65.32.168.114) at 9/19/2004 8:59:41 PM |
|
Halc: Explorer is separate from IE... the IE application loads ALL the ie componants within the iexplore.exe process... explorer has the html components loaded separately and is included within the explorer.exe process.
Just as if, say, you had two apps open that use the gecko engine, both apps have to load all the componants no matter what, and will use that much extra RAM. Just because one app has it loaded doesn't mean it doesn't have to be loaded in another app that uses the same engine. |
| #29 By 23275 (68.17.42.38) at 9/20/2004 1:49:12 AM |
|
#46, Hal knock off the spin - you know dern well what I mean - "where people would have gone after W2K systems, they are now turning their attention to the Linuces and wrecking havoc on older and unpatched OpenSSH daemons running on most Linuces." "Further, you tell me the percentage of Linuces admins that have one percent of one clue about privsep, or how to manually set it in the CLI - post that list!"
This called into question for me that OpenSSH, and SSH period, may not be nearly as secure as we might have thought. Also, I am speaking to client systems we are called on to repair, or restore, or migrate [away from Linuces to W2K3, ironically]. In most cases, we see OpenSSH implementations which pre-date 3.7.2 - which as you should know, do not support privsep... From your last post, it is very clear to me that you are not at all interested in any meaningful discourse and that aside from clipping links into threads, you likely are not doing a great deal. The bottom line is, that if a Linuces or any Nix is running SSH and it isn't controlled, someone is going to root that system. There are indeed a great many issues now emerging indicating just how loose OSS is - I mean if SSH is not secure, or can be exploited [because it is open], then what OSS ever could be? It's over as far as I am concerned. That was the last straw for us. OSS and any hint of it being secure just does not seem possible. And finally, yeah - we had the client's systems patched and restored in a few hours. We're now moving them off of OSS and onto either a commercial Unices, or W2K3. I know which they can afford and it isn't a Unices. |
| #30 By 23275 (68.17.42.38) at 9/20/2004 1:57:35 AM |
|
#47, I can't break a client's arms and force them to allow an admin to patch a system - the decisions are theirs and so are the consequences.
|
|
Write Comment
Return to News |
Displaying 26 through 50 of 334 Prev | Last | Next |
The time now is
9:34:46 AM
ET.
Any comment problems? E-mail us |
