Microsoft FUDwatch II: Internet Explorer vs. Firefox security
,----[ Quote ]
| It's a convenient fiction that buying everything from one vendor makes life
| easier. It may make installation and integration between programs easier, but
| that ease leads to single points of failure. Hijacking a browser is nice, but
| using the browser to dig deep into the OS, to have that hijacking facilitated
| by a too-close tie between the browser and the OS? Even better.
`----
http://blogs.cnet.com/8301-13505_1-9827570-16.html?part=rss&tag=feed&subj=TheOpenRoad
More Redmond Kool-Aid. See a list of many critical IE bugs below (very
partial). Even Microsoft was hiding is Web site behind GNU/Linux. New:
MS on Linux
http://blog.knightlust.com/?p=36
Windows is blamed for most of the bugs. /Any/ browser on Windows may not be
secure, say experts.
Related:
THIS ONE TURNED OUT TO BE A LIE (admission from the accuser):
ToorCon ("Firefox security is a mess") sponsored by Microsoft
,----[ Quote ]
| Lately, I read the headline: "Open Source browser Firefox is so
| critically flawed that it is impossible to fix, according to two
| hackers." Further on, in the ZDNet article I read: "The hackers claim
| they know of about 30 unpatched Firefox flaws. They don't plan to
| disclose them, instead holding onto the bugs."
|
| Since that sounds suspicious, I decided to start searching for
| connections with MS. Easy enough, here it is...
`----
http://lxer.com/module/newswire/view/70873/index.html
http://antitrust.slated.org/www.iowaconsumercase.org/011607/3000/PX03096.pdf
When AntiVirus Products (and Internet Explorer) Fail you
,----[ Quote ]
| When Didier Stevens recently took a closer look at some Internet Explorer
| malware that he had found, something surprised him somwehat. He discovered
| that the IE-targeted malware had been obfuscated with null-bytes (0x00) and
| when run against VirusTotal, he found that fewer than half of the products
| identified the sample as malware (15 of 32). When all null-bytes were
| removed, the chances of successful detection improved, though not as much as
| would normally be expected (25 of 32 detections).
`----
http://www.beskerming.com/commentary/2007/10/29/296/When_AntiVirus_Products_(and_Internet_Explorer)_Fail_you
Code posted for Internet Explorer attack
,----[ Quote ]
| "This type of vulnerability has been very popular with malicious
| attacks in the past, and we expect to see its usage increase
| substantially, now that exploit code is publicly available,"
| security vendor Websense. warned in a note published Monday.
`----
http://news.yahoo.com/s/infoworld/20070327/tc_infoworld/87185
Microsoft probes possible IE 7 phishing hole
,----[ Quote ]
| The vulnerability relates to the message IE displays when Web page
| loading is aborted, Raff wrote. An attacker can rig the message by
| creating a malicious link. The message will offer a link to retry
| loading the page; hitting it brings up the attacker's page, but
| showing an arbitrary Web address, he wrote.
`----
http://news.zdnet.com/2100-1009_22-6167410.html
Critical IE Graphics Flaw Resurfaces
,----[ Quote ]
| It's bad enough when crooks exploit bugs to ruin a home computer,
| but the consequences of a successful attack can be much worse.
| A substitute teacher in Norwich, Connecticut, found that out when
| a computer she was using in her classroom suddenly started showing
| pornographic pop-up ads to everyone in the class. She now faces up
| to 40 years in prison after being convicted of willfully showing
| her students the images. A security expert hired by her defense,
| however, says he found malicious software on the PC.
`----
http://news.yahoo.com/s/pcworld/128385;_ylt=AnYSp3TwbF_W2YFkgjhv9oEDW7oF
Monthly Microsoft Patch Hides Tricky IE 7 Download
,----[ Quote ]
| Opinion: Microsoft used the January 2007 security update to
| induce users to try Internet Explorer 7.0 whether they wanted
| to or not. But after discovering they had been involuntarily
| upgraded to the new browser, they next found that application
| incompatibility effectively cut them off from the Internet.
`----
http://www.eweek.com/article2/0,1895,2086423,00.asp
Attack code out for 'critical' Windows flaw
,----[ Quote ]
| All recent versions of Windows are vulnerable when all recent
| versions of IE, including IE 7, are in use, according to Microsoft.
`----
http://news.zdnet.com/2100-1009_22-6150642.html
IE7 'critical update' causes headaches for managed desktop environments
,----[ Quote ]
| As many organisations may not feel compelled to turn off automatic
| updates, they should be prepared to face this is issue when Internet
| Explorer 7 is downloaded and installed automatically.
`----
http://www.theregister.co.uk/2006/11/12/ie7_critical_update_managed_desktops/
IE 7 bugs abound
,----[ Quote ]
| "But browser testers may already be at risk, according to security
| researcher Tom Ferris. Late Tuesday, Ferris released details of a potential
| security flaw in IE 7. An attacker could exploit the flaw by crafting a
| special Web page that could be used to crash the browser or gain complete
| control of a vulnerable system, Ferris said in an advisory on his Web site.
| Microsoft had no immediate comment on Ferris' alert."
`----
http://news.com.com/2100-1002_3-6034054.html?part=rss&tag=6034054&subj=news
Which Is Safer: Internet Explorer 7 or Firefox 2.0?
,----[ Quote ]
| In the SmartWare test, Microsoft's Internet Explorer 7 blocked 690
| known phishing sites, or 66.35 percent of the total. In contrast,
| Firefox blocked 78.85 percent when using a local antiphishing
| database and 81.54 percent when using the online database.
`----
http://news.yahoo.com/s/nf/20061114/bs_nf/47901
Information disclosure bug blights IE7 release
,----[ Quote ]
| The flaw stems from error in the handling of redirections
| for URLs with the "mhtml:" URI handler. Security
| notification firm Secunia reports that the same bug
| was discovered six months ago in IE6 but remains unresolved.
`----
http://www.theregister.co.uk/2006/10/19/ie7_first_bug/
IE Used to Launch Instant Messaging and Questionable Clicks
,----[ Quote ]
| First of all, you need to visit an infection site using Internet
| Explorer - this exploit doesn't work in Firefox, for example.
`----
http://blog.spywareguide.com/2006/10/ie_used_to_launch_instant_mess_1.html
Firefox Still Tops IE for Browser Security
,----[ Quote ]
| "Mozilla is forthcoming about vulnerabilities," Levy said, whereas "it
| takes Microsoft far longer to acknowledge vulnerability."
|
| How much longer? "In the last reporting period, the second half of last
| year, Microsoft had acknowledged 13 vulnerabilities. We've now revised it
| to 31. The difference is that now Microsoft has acknowledged these
| vulnerabilities."
|
| [...]
|
| "Mozilla can turn around on a dime," Levy said. "Open-source programmers
| can recognize a problem and patch it in days or weeks."
|
| And as for Microsoft?
|
| "If a vulnerability is reported to Microsoft, Microsoft doesn't
| acknowledge it for at least a month or two. There's always a certain
| lag between knowing about a bug and acknowledging it," Levy said.
`----
http://www.eweek.com/article2/0,1759,1865087,00.asp?kc=EWEWKEMLP093006BOE1
IE Exploit Could Soon Be Used By 10,000-plus Sites
,----[ Quote ]
| First reported by Florida-based Sunbelt Software Tuesday, the bug has
| already been used to compromise PCs and load them with scores of adware
| and spyware programs, as well as other malicious code. Users surfing with
| IE 6 and earlier can be infected simply by viewing the wrong site.
`----
http://www.techweb.com/wire/security/193004128;jsessionid=QXNCAQ0RB3TRYQSNDLRCKH0CJUNN2JVN
http://tinyurl.com/gdkdp
Russian sites using new IE bug to install spyware
,----[ Quote ]
| This is the second unpatched flaw found in IE over the past week. On
| Sept. 14, researchers posted code that could be used to exploit a
| different vulnerability in a multimedia component of the Web browser.
| Microsoft is still investigating that flaw and is not saying whether it
| too will be patched next month.
`----
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9003446&source=rss_news50
http://tinyurl.com/edfdw
Seen in the wild: Zero Day exploit being used to infect PCs
,----[ Quote ]
| The exploit uses a bug in VML in Internet Explorer to overflow a buffer
| and inject shellcode. It is currently on and off again at a number
| of sites.
|
| Security researchers at Microsoft have been informed.
`----
http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html
Attack code targets new IE hole
,----[ Quote ]
| Computer code that could be used to hijack Windows PCs via a
| yet-to-be-patched Internet Explorer flaw has been posted on the Net,
| experts have warned.
`----
http://news.zdnet.com/2100-1009_22-6115966.html
Breaking: Newsvine Acquired By Microsoft — What is Microsoft going to do with
the Linux Hosted site they just bought?
,----[ Quote
| The funny thing is, The site is hosted on Debian Linux...
`----
http://www.tribbleagency.com/?p=383
Top secret: Microsoft's $6 billion open source play
,----[ Quote ]
| This month's announcement by Microsoft to acquire digital marketing
| services firm aQuantive has revealed little on how the companies
| will integrate their IT, but inside information indicates the deal
| may be Redmond's largest commitment to free software.
|
| [...]
|
| Whether the businesses are complementary or not, Microsoft's integration
| work will no doubt involve a lot of open source software used by aQuantive.
|
| Information available from Atlas' Web site indicates the Internet software
| company employs extensive use of open source software including Linux,
| Apache, MySQL, and Solaris.
|
| Software engineers at Atlas' Raleigh office do client/server development in
| C and C++, software maintenance and "scripting", and developing and
| maintaining custom reporting capabilities.
`----
http://www.linuxworld.com.au/index.php/id;1616039231;fp;2;fpid;1
It's unofficial: Microsoft bets business on Linux
,----[ Quote ]
| What the press statement didn't mention is that Aruba mobility
| controllers run the Linux operating system which Microsoft has
| aggressively targeted as being inferior to Windows as part of
| its "Get the Facts" marketing campaign.
|
| [...]
|
| Pandey's appraisal of Aruba's technology is in stark contrast to
| Microsoft's "Get the Facts" rhetoric which places Windows as a more secure,
| and higher-performing choice over Linux.
`----
http://www.linuxworld.com.au/index.php/id;754084996;fp;2;fpid;1
Skeletons in Microsoft’s Patch Day closet
,----[ Quote ]
| This is the first time I’ve seen Microsoft prominently admit to silently
| fixing vulnerabilities in its bulletins — a controversial practice that
| effectively reduces the number of publicly documented bug fixes (for those
| keeping count) and affects patch management/deployment decisions.
`----
http://blogs.zdnet.com/security/?p=316
Beware of undisclosed Microsoft patches
,----[ Quote ]
| Forget for a moment whether Microsoft is throwing off patch counts
| that Microsoft brass use to compare its security record with those
| of its competitors. What do you think of Redmond’s silent patching
| practice?
`----
http://blogs.zdnet.com/microsoft/?p=527
Microsoft is Counting Bugs Again
,----[ Quote ]
| Sorry, but Microsoft's self-evaluating security counting isn't really a
| good accounting.
|
| [...]
|
| The point: Don't count on security flaw counting. The real flaw is
| the counting.
`----
http://www.microsoft-watch.com/content/security/microsoft_is_counting_bugs_again.html?kc=MWRSS02129TX1K0000535
How secure are Linux, Window and Mac OS?
http://www.masuran.org/node/29
2006 Operating System Vulnerability Summary
http://www.omninerd.com/2007/03/26/articles/74
Linux vs. Windows: Which is Most Secure?
http://www.esecurityplanet.com/views/article.php/3665801
Linux Security: A Big Edge Over Windows
http://www.linuxinsider.com/rsstory/54742.html
The problems with Vista laid bare - What might have been
http://www.theinquirer.net/default.aspx?article=38419
Why Windows is less secure than Linux
http://blogs.zdnet.com/threatchaos/?p=311
Linux more secure than Windows, national survey shows
http://www.xomba.com/linux_more_secure_than_windows_national_survey_shows
Microsoft Windows: Insecure by Design
http://www.washingtonpost.com/ac2/wp-dyn/A34978-2003Aug23?language=printer
If Only We Knew Then What We Know Now About Windows XP
http://www.washingtonpost.com/wp-dyn/content/article/2006/09/23/AR2006092300510.html?nav=rss_technology
Why Windows is a security nightmare.
http://www.smh.com.au/articles/2004/05/21/1085120110704.html
The Structural Failures of Windows
http://www.theinquirer.net/default.aspx?article=15305
|
|
