| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Microsoft To Issue 7 Patches This Month | |
|
||
| Time: 23:34 EST/04:34 GMT | News Source: Ent Mag | Posted By: Kenneth van Surksum | ||
|
Redmond projects a rollout of seven fixes for its June patch release, with three rated critical, three important and -- in a rare twist, considering previous months' rollouts -- one moderate.
| ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 306 Last | Next |
The time now is
2:21:22 PM
ET.
Any comment problems? E-mail us |
| #1 By 15406 (216.191.227.68) at 6/9/2008 8:09:32 AM |
| Hmm. Just last week, someone was telling me that, if I want a secure Internet platform, I need to avoid Firefox and go with Vista & IE7. How about that. |
| #2 By 23275 (68.186.182.236) at 6/9/2008 10:25:32 AM |
|
The advice would be as sound today as it was last week.
ASLR + NX = very effective defense against any RCE PM + ASLR + NX = even more effective defense against RCE PM + ASLR + NX + UAC = most effective defense against RCE PM + ASLR + NX + UAC + user who can read = no more excuses to use an OS less secure than Windows Vista x64 and IE 7/8 in its default PM. |
| #3 By 15406 (216.191.227.68) at 6/9/2008 11:49:59 AM |
|
#2: Nice save attempt. It's a drag when you talk and your own words come back to haunt you almost immediately, isn't it? Why bother with all that layered security when IE will happily bend over at the drop of a hat? Good thing I'm using Firefox and NoScript.
|
| #4 By 23275 (68.186.182.236) at 6/9/2008 12:08:50 PM |
| #3, utter nonsense. Show me one exploit of any kind that can get past what I have posted. |
| #5 By 23275 (68.186.182.236) at 6/9/2008 12:16:39 PM |
|
Latch, before this goes further and becomes unhelpful, please understand one thing:
I do all this Awin stuff as a community service and in that spirit, I offer what I have proven to myself to work best. Now, many will argue that FF and NoScript is a good thing, but they would be mistaken - it offers very little: http://sla.ckers.org/forum/read.php?3,20453,20613 Now also understand, I don't care about being right in the context of challenging what you post. I simply want to offer people who rely on Awin for news and advice good information - that is as accurate at any one point in Internet Time will allow. Please look carefully at what sla.cker et al, have to say. It's valid and relevant. Read further... http://www.0x000000.com/index.php?i=515 "don't just Give Google, or any other party access to your personal information for goodness sake - at least make them pay for it!" What I hope to show here is that there are many sides to most issues and on either side, we see imperfect solutions, or none at all. There are skilled people who can get around NoScript quite easily (as an example). So it is best then to follow a strategy that mitigates vulns. and informs the user before any undesired SW is allowed to run and similarly, to use ASLR + NX together. It forces criminal hackers to "guess" and denies them access to the 5 plus Gig published Db of known address spaces. It's that simple - just make things as hard on criminals as possible. This post was edited by lketchum on Monday, June 09, 2008 at 12:49. |
| #6 By 15406 (216.191.227.68) at 6/9/2008 2:15:50 PM |
|
#5: I was going to read it, but then I remembered what you said about lowly blog posts and how they can't be accurate. This is just a thread with 2 guys arguing back & forth. How is that credible? And the issue they're arguing over appears to have long since been fixed anyway. You're channeling parkkker by complaining about a bug long after it's been fixed. Finally, the very page you mention says quite clearly that NoScript mitigates this problem. So, can you please explain in simple terms how NoScript & FF are bad (when the example you provide is stopped by NoScript), but Vista & IE are good when there's a new remote exploit for them out now?
Anyway, I'm not going to keep pushing this. I'm just enjoying the moment. |
| #7 By 23275 (68.17.42.120) at 6/9/2008 6:28:35 PM |
|
"mitigate," but not prevent and it would be bad to provide resources that actually led to exploits.
The point was to show that even with a user fracturing their browsing experience, that they are still not safe using FF. And for that matter... how many people are actually running NoScript? How would this be managed centrally? How many pre-NoScript FF users have been compromied, or will be today, for that matter? Look, you can't just stick your head in the sand and then ask a buddy to shovel soil over the top of it - that just won't work. In the meantime, users running as I have suggested would have to intentionally confirm several prompts just to see the RCE fail as the address space used by the criminal hacker would be wrong. |
|
Write Comment
Return to News |
Displaying 1 through 25 of 306 Last | Next |
The time now is
2:21:22 PM
ET.
Any comment problems? E-mail us |
