|
|
User Controls
|
New User
|
Login
|
Edit/View My Profile
|
|
|
|
ActiveMac
|
Articles
|
Forums
|
Links
|
News
|
News Search
|
Reviews
|
|
|
|
News Centers
|
Windows/Microsoft
|
DVD
|
ActiveHardware
|
Xbox
|
MaINTosh
|
News Search
|
|
|
|
ANet Chats
|
The Lobby
|
Special Events Room
|
Developer's Lounge
|
XBox Chat
|
|
|
|
FAQ's
|
Windows 98/98 SE
|
Windows 2000
|
Windows Me
|
Windows "Whistler" XP
|
Windows CE
|
Internet Explorer 6
|
Internet Explorer 5
|
Xbox
|
DirectX
|
DVD's
|
|
|
|
TopTechTips
|
Registry Tips
|
Windows 95/98
|
Windows 2000
|
Internet Explorer 4
|
Internet Explorer 5
|
Windows NT Tips
|
Program Tips
|
Easter Eggs
|
Hardware
|
DVD
|
|
|
|
Latest Reviews
|
Applications
|
Microsoft Windows XP Professional
|
Norton SystemWorks 2002
|
|
Hardware
|
Intel Personal Audio Player
3000
|
Microsoft Wireless IntelliMouse
Explorer
|
|
|
|
Site News/Info
|
About This Site
|
Affiliates
|
ANet Forums
|
Contact Us
|
Default Home Page
|
Link To Us
|
Links
|
Member Pages
|
Site Search
|
Awards
|
|
|
|
Credits
©1997/2004, Active Network. All
Rights Reserved.
Layout & Design by
Designer Dream. Content
written by the Active Network team. Please click
here for full terms of
use and restrictions or read our
Privacy Statement.
|
|
|
|
|
|
|
|
Time:
10:15 EST/15:15 GMT | News Source:
ZDNet |
Posted By: Jonathan Tigner |
A year ago this month, security researcher Petko D. Petkov (left) released details on vulnerabilities in Apple’s QuickTime media player to show how movie and MP3 files can be backdoored to hack into Firefox.
Apple fixed one of the bugs but the second issue, which allows malicious manipulation of QuickTime Media Link (.qtl) files, remains unpatched and presents a serious danger to Firefox users.
According to Petkov, a U.K.-based penetration testing specialist, the result of this vulnerability can lead to full compromise of the browser and maybe even the underlying operating system.
|
|
#1 By
23275 (24.179.4.158)
at
9/13/2007 12:02:28 PM
|
The lack of comments on this story suggest that we've all woken up to the reality that software, like anything made by man, will likely have a few flaws and that equally, flawed people will seek to take advantage of them.
<and that notparker is either on vacation, or his keyboard is broken (kidding NP)>.
So perhaps.... just maybe... FF and Mac aren't as secure as IE 7 in PM on Vista....??? and perhaps, possibly, that whole trustworthy computing and SDL thing were real and producing real results; making people using Microsoft software safer, more secure and therefore, more productive?? Could it be?
|
#2 By
37047 (216.191.227.68)
at
9/13/2007 12:48:03 PM
|
#1: If that is the case, then why do I still see IE7 security updates? IE7 is not immune to security issues, and therefore you're saying that IE is more secure than FF and Mac doesn't make it so. Nor does Microsoft make it possible to actually prove it one way or the other, due to the closed nature of their outstanding defect database and habit of silent fixing of multiple bugs in a single update. Apple is no better for this behaviour, either. Only FF has an open bug tracking database. And yes, NotParker, you too can access all of it simply by signing up for an account, which does not have a fee attached to it, AFAICS. Therefore, there is really no way for yopu to actually prove that IE is more secure, other than to keep saying it is so.
Personally, I keep everything as up to date as possible, so I am as protected as can be no matter what I am browsing with.
|
#3 By
28801 (65.90.202.10)
at
9/13/2007 2:07:50 PM
|
I have know doubt that IE7 in Protected mode on Vista is more secure that FF. IE7 on XP is another story.
|
#4 By
37 (66.191.120.168)
at
9/13/2007 3:49:21 PM
|
I am confident that FF on Mac is more secure. I would agree that IE7 in PM in Vista is more secure than FF in Vista.
|
#5 By
7754 (206.169.247.2)
at
9/13/2007 4:35:20 PM
|
I am confident that FF on Mac is more secure.
Why? With comments like that, I'm beginning to wonder if someone hasn't slipped something in your kool-aid.
(And I'm not a FF basher... in fact, I like it quite a bit.)
Edit--messed up the formatting, sorry.
This post was edited by bluvg on Thursday, September 13, 2007 at 16:36.
|
#6 By
32132 (142.32.208.232)
at
9/13/2007 4:40:36 PM
|
# "Only FF has an open bug tracking database."
Except for the embargoed sections that are kept secret.
"you too can access all of it simply by signing up for an account"
Its not open if I have to give them personal information to possibly see it. Prove its open. Go find all the Firefox bugs that are embargoed and post the info.
|
#7 By
37 (76.210.78.134)
at
9/14/2007 7:59:45 AM
|
#5 Why not? I am thinking the kool-aid drinking is by someone else, that is for sure.
|
#8 By
7754 (206.169.247.2)
at
9/14/2007 9:58:34 AM
|
#7: rather than simple confidence, I would expect architectural comparisons that explain why you assert that is the case. Examining both platforms, I don't see much to support that.
|
#9 By
23275 (24.179.4.158)
at
9/14/2007 10:23:33 AM
|
#8, we could start with an examination of PM and UIPI and how they work together to manage the space allocated to IE 7 in Vista. For that matter, how both can be used by FF/Moz and or any developer for any application - and then wonder... why in the heck are they not breaking the larger code here and realizing just how lame and nearly dead ALL browsers are.
Here's what I have been saying, and ironically, began posting here in the first place back in 2004 [opposite all the noise about IE - FF, in the context of security]. The arguments were similar and I asserted that the browser was rapidly approaching irrelevance and that with Vista and all around it, new methods would be used.
Now, that the WPF, Silverlight 1.1 and its emerging access to .NET - take what a dev can do in .NET as presented via the WPF as designed in Silverlight. Leverage the UIPI to broker transactions and execute in PM - Voil'a! One has the ability to build, ship and support applications that are indeed "rich" - that run over the Internet and as I said in 2004, are launched from the browser. The browser then becomes what it is best suited for - browsing web pages.
Don't think for a second that this will not happen - it will, and because no browser extension [which even Silverlight is right now (vers 1.1 changes that)], will be able to keep up with it, or deliver the kind of experiences that people expect.
There is a reason that the IE icon is no longer on the Vista desktop - and it has more to do with what I have written above than it does anything else and it is also why there was no new IE sooner. BTW, IE 8 will be very different - a palette, BTW... and one used to allow devs and users to access all the SW and experiences they want - which will be a very rich combination of very fast and light desktop software, communicating with powerful servers storing logic, and data where appropriate.
BTW, Awin regulars will definately see what I mean and very, very soon...
|
#10 By
37 (76.210.78.134)
at
9/14/2007 10:59:15 AM
|
#8, why reinvent the wheel and explain why? It's been explained time and time again, ad nauseum. Google.com is your friend.
|
#11 By
7754 (206.169.247.2)
at
9/14/2007 12:07:22 PM
|
#10, I'd say the same thing. Simply put, Vista uses the principle of least privilege with the browser (IE). Mac does not.
|
#12 By
37 (76.210.78.134)
at
9/14/2007 12:22:38 PM
|
Mac doesn't use IE. Vista wouldn't need "least privilege" if the OS and IE browser were not inherently prone to security risks.
|
#13 By
7754 (206.169.247.2)
at
9/14/2007 1:12:22 PM
|
Least Privilege is an OS-agnostic principle. And are you implying that OS X and FF are not "inherently prone to security risks"? C'mon... by all means, use a Mac... but don't join the cult! :P
|
#14 By
37 (76.210.78.134)
at
9/14/2007 1:59:37 PM
|
I am playing devils advocate here. You just didn't take the bait :-)
|
#15 By
7754 (206.169.247.2)
at
9/14/2007 2:35:18 PM
|
So you're just feigning interest in Macs? :-/
Hey, so are you not doing Publisher anymore? What are you using now? Quark? Adobe?
|
#16 By
23275 (24.179.4.158)
at
9/14/2007 2:56:42 PM
|
every application - indeed, every process, should run with as few privilges as possible.
|
#17 By
7754 (206.169.247.2)
at
9/14/2007 3:10:39 PM
|
I think we should all congratulate lketchum on his shortest post ever. ;)
Just teasin' ya.
|
#18 By
23275 (24.179.4.158)
at
9/14/2007 3:51:55 PM
|
Thank you. LOL
|
#19 By
37 (66.191.120.168)
at
9/14/2007 4:19:43 PM
|
Nah, just pointing out that Windows is not as secure as many believe (and that is coming from a previous diehard MS Shill). I will say that I honestly believe that Windows and IE are compromised due to it's market saturation. I believe that if nix or Mac had the Windows marketshare, we would see probably close to as many threats.
But, I still would take my new Mac over a Vista/XP desktop any day (for what I use it for).
Done with Publisher. There are many reasons, one of which, is the Publisher team doesn't act on their own merits, and listen to their customers all the time. I have sat in on too many meetings in the Pub division in Redmond to see that it's the money that sways their decisions, not the consumer.
My career no longer has me using desktop publishing products, so I have none of those. I only do image editing now, and for that (at home), I am using GIMP.
That said, Publisher is still an excellent product for the price, and I recommend it for the SOHO market, and new users. Another viable option that has surpassed Publisher in features (and is priced better) is Serif PagePlus. If it wasn't for the lack of support (it's a small company out of the UK with very little web community presence and zero commerical printing support), I would recommend that over Publisher. PagePlus has native PDF (as opposed to Publishers add-on), so that might even sway anyone here contemplating an update to their desktop publishing software.
|
#20 By
2960 (68.100.112.199)
at
9/17/2007 10:57:50 AM
|
I HATE QUICKTIME!!!!
Not necessarily the technology (it's streaming is actually damned good), but the fact that when installed, it takes it upon itself to take over every damned thing it can.
I still can't get Firefox to open my VOIP phone messages back in WMP like I want it to. Quicktime hijacked it and ever worse, only plays 1/2 of each file.
It's also become somewhat of a pig.
TL
|
|
|
|
|