On 02/09/2010 06:45 AM, VanguardLH wrote:
> MEB wrote:
>
>> On 02/08/2010 09:50 PM, VanguardLH wrote:
>>> MEB wrote:
>>>
>>>> As if there weren't enough Windows and IE vulnerabilities already being
>>>> addressed, here's another one that may not be in the patch being prepared.
>>>>
>>>> http://www.blackhat.com/html/bh-dc-1...#AlvarezMedina
>>>>
>>>> Microsoft has issued a security advisory:
>>>> Microsoft Security Advisory (980088)
>>>> Published: February 03, 2010
>>>> http://www.microsoft.com/technet/sec...ry/980088.mspx
>>>>
>>>> Until the patch or whatever comes via Microsoft, it is HIGHLY
>>>> recommended to follow the workarounds provided on the page.
>>>
>>> http://groups.google.com/group/24hou...9d7d35510ebf12
>>
>> Wow, you went "all out" in that posting. But you are right, Microsoft
>> HAS known of this issue as well as numerous others, and seems to only
>> fix them or offer solutions PUBLICLY when someone actually notices them.
>> AND has the audacity to complain when people get frustrated and DO make
>> the issues public rather than waiting for months or years for Microsoft
>> to get around to fixing them.
>> Moreover, as you note, the users SHOULD be running with far stricter
>> settings. The problem is they ALWAYS complain when there are tightened
>> settings or forced SU-like activities, and work to disable most of those
>> if possible.
>> As for the other browsers, they also are filled with flaws and
>> vulnerabilities as well as was partially noted for FF add-ons/plugins in
>> your posting [as well as Chrome].
>>
>> Guess I should have put that here when I first noticed it.. ya beat me
>> by a couple days.. why didn't you place it here as well?
>
> When you get accustomed to stepping over the cowpies, you forget that others
> don't see them. Besides, I've long used other means of protecting my
> Internet-facing applications than rely on protocol restrictions. I only
> enabled the Network Lockdown on my host recently just to see if I manage to
> hit a site that attempts to use those protocols (rather than me entering
> them in the Address Bar). Out of my over 700 shortcuts in my Favorites
> hierarchy, I didn't hit one that wouldn't work with those additional
> protocol restrictions.
And I think you make an excellent point; using the greater restrictions
does not generally affect normal usage; any more than when I refused to
install and use Flash or severely restricted its activities, restricted
JAVA and other scripting, or completely block scripting from/during Web
access, and other protections that I had applied when using Windows.
Where these restrictions DID affect usage, was a good indication of a
place inherently vulnerable to hacks, hijack, and like activities.
Regretfully, web designers/developers know of the issues involved yet
insist they be expanded even further; and now press for expanded "cloud
computing" when we can't even effectively [to the point of being
remotely sure] protect ourselves from less invasive activities. There
are just too many flaws and vulnerabilities associated with all this
coding/scripting and melding of same into the base OSs.
--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government