Home Forums Classifieds Blogs Today's Posts Search Social Groups



  
SIGN-UP
Notices

Glock Talk
Welcome To The Glock Talk Forums.

 
  
Reply
 
Thread Tools Display Modes
Old 09-23-2012, 22:34   #1
Linux3
Senior Member
 
Linux3's Avatar
 
Join Date: Dec 2008
Posts: 1,399
I.E. Bugs. Fix one and here comes another.

Win 8 isn't even out yet and it has issues.

http://www.theregister.co.uk/2012/09...e10_flash_fix/
__________________
It it's not on fire,
It's a software problem.

To view links or images in signatures your post count must be 10 or greater. You currently have 0 signatures.
Linux3 is offline   Reply With Quote
Old 09-24-2012, 07:26   #2
GlockFanWA
Senior Member
 
Join Date: Sep 2012
Location: Washington
Posts: 666
Quote:
Originally Posted by Linux3 View Post
Win 8 isn't even out yet and it has issues.

http://www.theregister.co.uk/2012/09...e10_flash_fix/
Old news, and not an IE flaw but rather a flash flaw. This effected all versions of IE and any other browser that uses flash (i.e. Chrome).
GlockFanWA is offline   Reply With Quote
Old 09-24-2012, 18:35   #3
sappy13
Senior Member
 
sappy13's Avatar
 
Join Date: Sep 2007
Location: Bremen, GA
Posts: 2,744
we have 2 clients who have had some flash/IE issues. Only surefire fix we have found is to disable the shockwave plugin. Its either that or they cant access their banking sites that utilize ssl.
sappy13 is offline   Reply With Quote
Old 09-24-2012, 19:51   #4
GlockFanWA
Senior Member
 
Join Date: Sep 2012
Location: Washington
Posts: 666
Flash is the devil, no web site should be using it IMO. I usually tell people to enable it by site as needed.
GlockFanWA is offline   Reply With Quote
Old 09-24-2012, 19:57   #5
Linux3
Senior Member
 
Linux3's Avatar
 
Join Date: Dec 2008
Posts: 1,399
Quote:
Originally Posted by GlockFanWA View Post
Old news, and not an IE flaw but rather a flash flaw. This effected all versions of IE and any other browser that uses flash (i.e. Chrome).
But because Firefox and Chrome run in user space potential for harm is much, much less than with I.E. that has hooks into kernel space.

It is an I.E. flaw in that it's written with no real security in mind.
__________________
It it's not on fire,
It's a software problem.

To view links or images in signatures your post count must be 10 or greater. You currently have 0 signatures.
Linux3 is offline   Reply With Quote
Old 09-24-2012, 20:07   #6
ArrowJ
Senior Member
 
ArrowJ's Avatar
 
Join Date: Jun 2004
Location: Illinois
Posts: 276
Quote:
Originally Posted by GlockFanWA View Post
Flash is the devil, no web site should be using it IMO. I usually tell people to enable it by site as needed.
+1
I would say the same thing about IE


http://highcaliberguns.com
http://thesitterdowners.com
ArrowJ is offline   Reply With Quote
Old 09-25-2012, 12:02   #7
ron59
Bustin Caps
 
ron59's Avatar
 
Join Date: Jan 2009
Location: near Atlanta, GA
Posts: 6,814
Quote:
Originally Posted by Linux3 View Post
But because Firefox and Chrome run in user space potential for harm is much, much less than with I.E. that has hooks into kernel space.

It is an I.E. flaw in that it's written with no real security in mind.
Obviously by your user name you're a Linux guy.

I don't have the links handy, but being a software developer, I keep up on the news. There have been several *critical* issues over the years involved with Linux.

Here's one:
http://www.networkworld.com/communit...d-critical-bug
AT THE KERNEL LEVEL. That's pretty serious, and even worse is that it was reported in 2004 but the "fix" never made it to released code or some such nonsense. Really?

Here's another:
http://www.theregister.co.uk/2009/08...cal_linux_bug/
Pretty sure it's a different issue.

There's probably a lot more lurking around, but the hackers aren't targeting Linux because it doesn't have the market share Windows does.

So easy with the criticism and snobbish elitism... your world is nowhere near as "neat" as you might think it is.
__________________
Ron M. ('59 is my birth year)

Quote:
WTF?! How a cheap can an old, the old fart get?!

Last edited by ron59; 09-25-2012 at 12:02..
ron59 is offline   Reply With Quote
Old 09-25-2012, 21:04   #8
Linux3
Senior Member
 
Linux3's Avatar
 
Join Date: Dec 2008
Posts: 1,399
Quote:
Originally Posted by ron59 View Post
Obviously by your user name you're a Linux guy.

I don't have the links handy, but being a software developer, I keep up on the news. There have been several *critical* issues over the years involved with Linux.

Here's one:
http://www.networkworld.com/communit...d-critical-bug
AT THE KERNEL LEVEL. That's pretty serious, and even worse is that it was reported in 2004 but the "fix" never made it to released code or some such nonsense. Really?
Did you really read this? The system has to be already compromised for this flaw to be exploited. OK, so if you can crack into a system by a method that doesn't exist... Then you can run this exploit and further change from a user to root. Silly
Quote:
Originally Posted by ron59 View Post
Here's another:
http://www.theregister.co.uk/2009/08...cal_linux_bug/
Pretty sure it's a different issue.
Yet another "proof-of-concept" crack that has never resulted in a crack of a system.
Quote:
Originally Posted by ron59 View Post
There's probably a lot more lurking around, but the hackers aren't targeting Linux because it doesn't have the market share Windows does.
So easy with the criticism and snobbish elitism... your world is nowhere near as "neat" as you might think it is.
Who cares about market share? If crackers were only interested in playing around with desktop systems then yes, MS has a larger share but exploits are about money! Banks everywhere, the New York Stock Exchange, London Stock Exchange, Google, Nasdaq and Wall Street run Linux. That's where the money is and the reason they use Linux is SECURITY.
Point me to links about Linux systems that were cracked. Not "proof-of-concept", but actual cracks.
Get out of your dream world. MS has the major share of the desktop, so what. All the big iron, and the big servers use Linux.
Apple is a much larger company than MS and they use BSD Unix on their desktop and with that and iOS they are making a ton of money. Why? Ease of use and security. iOS and Android are becoming the dominant force on the web.
Microsoft has the most desktop systems. Big whoop and who cares. The cloud ( Linux servers) and iOS and Android are taking over the Internet.
Yes, Microsoft is a big company and will be around for years on the desktop but that's not where the future lies.
Real security engineers know what OS to run.
__________________
It it's not on fire,
It's a software problem.

To view links or images in signatures your post count must be 10 or greater. You currently have 0 signatures.

Last edited by Linux3; 09-25-2012 at 21:05..
Linux3 is offline   Reply With Quote
Old 09-25-2012, 23:06   #9
GlockFanWA
Senior Member
 
Join Date: Sep 2012
Location: Washington
Posts: 666
Quote:
Originally Posted by Linux3 View Post
But because Firefox and Chrome run in user space potential for harm is much, much less than with I.E. that has hooks into kernel space.
Running in Protected Mode

Pre-IE 8, especially IE 6, there were a large number of security concerns. With IE 9 and higher MS has taken great steps to eliminate bugs and improve security. Run in protected mode, use inprivate browsing, and don't be a dillweed surfing and you are pretty much as safe as using any other browser out there.
GlockFanWA is offline   Reply With Quote
Old 09-27-2012, 10:01   #10
ron59
Bustin Caps
 
ron59's Avatar
 
Join Date: Jan 2009
Location: near Atlanta, GA
Posts: 6,814
Quote:
Originally Posted by Linux3 View Post
Did you really read this? The system has to be already compromised for this flaw to be exploited. OK, so if you can crack into a system by a method that doesn't exist... Then you can run this exploit and further change from a user to root. Silly

Yet another "proof-of-concept" crack that has never resulted in a crack of a system.

Who cares about market share? If crackers were only interested in playing around with desktop systems then yes, MS has a larger share but exploits are about money! Banks everywhere, the New York Stock Exchange, London Stock Exchange, Google, Nasdaq and Wall Street run Linux. That's where the money is and the reason they use Linux is SECURITY.
Point me to links about Linux systems that were cracked. Not "proof-of-concept", but actual cracks.
Get out of your dream world. MS has the major share of the desktop, so what. All the big iron, and the big servers use Linux.
Apple is a much larger company than MS and they use BSD Unix on their desktop and with that and iOS they are making a ton of money. Why? Ease of use and security. iOS and Android are becoming the dominant force on the web.
Microsoft has the most desktop systems. Big whoop and who cares. The cloud ( Linux servers) and iOS and Android are taking over the Internet.
Yes, Microsoft is a big company and will be around for years on the desktop but that's not where the future lies.
Real security engineers know what OS to run.
While some attacks are against servers (stealing CC numbers and the like), MOST of the attacks aren't THROUGH servers, but instead individual PCs and client software such as the browser. (Flash, Adobe, IE, FF, etc).

The concepts of breaking into an individual's PC and installing software to "take it over", make it do DoS attacks, and such.... that's done at the PC level. I would say the vast majority of problems are at the individual PC level, not server level. Even this thing you reported is IE related, not IIS related.

I am proposing that Linux software and applications are just as prone to bugs, BUT THE HACKERS DON'T BOTHER, as there isn't enough return on the investment.

1. They're really going to be able to succeed with unsophisticated users. Yes, most of those users use Windows as it's "simpler" than them.

2. You wouldn't be able to "fix" that by having them install Linux. Why? Too complicated for them.

3. Most people who bother to install Linux are probably more sophisticated than your typical user and aren't going to click on suspicous links and stuff.

4. So you have a OS (Linux) that has small market share, run by more sophisticated users. And therefore the Hackers don't want to spend the time for the low return on investment. Does that mean Linux itself is a better product? I don't think so.

5. Windows would be way more secure if people would create user logins that weren't administrative level. But then that restricts them sometimes in day to day activities. So they promote the user to admin level. And open themselves to problems. I wonder how often the same thing happens in the Linux world.

Since your OP was about IE (a client application on an individual PC), that is the realm of this discussion, NOT to bring in points about the OS that runs on Servers.

You want to create a thread and debate server OS's that's fine. But for this context, all of your points are moot. You can try again though.
__________________
Ron M. ('59 is my birth year)

Quote:
WTF?! How a cheap can an old, the old fart get?!

Last edited by ron59; 09-28-2012 at 08:19..
ron59 is offline   Reply With Quote
Old 09-27-2012, 22:07   #11
GlockFanWA
Senior Member
 
Join Date: Sep 2012
Location: Washington
Posts: 666
Quote:
Originally Posted by ron59 View Post
I am proposing that Linux software and applications are just as prone to bugs, BUT THE HACKERS DON'T BOTHER, as there isn't enough return on the investment.
Bingo, which is why Apple has seen an uptick in attacks, getting enough market share to make it worth while for an attacker.
GlockFanWA is offline   Reply With Quote

 
  
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump




All times are GMT -6. The time now is 20:39.




Homepage
FAQ
Forums
Calendar
Advertise
Gallery
GT Wiki
GT Blogs
Social Groups
Classifieds


Users Currently Online: 1,260
387 Members
873 Guests

Most users ever online: 2,672
Aug 11, 2014 at 2:31