PDA

View Full Version : High-Risk Flaws Flagged in IE, Mozilla


MacBytes
Jan 7, 2005, 02:55 PM
Category: News and Press Releases
Link: High-Risk Flaws Flagged in IE, Mozilla (http://www.macbytes.com/link.php?sid=20050107155507)
Posted on MacBytes.com (http://www.macbytes.com)

Approved by Mudbug

mcarvin
Jan 7, 2005, 05:45 PM
I can't remember the last time I saw a nntp:// link. I'm sure they're out there, but they're not as common as they were years ago. Knowing the Moz group, they'll have this fixed by now. Probably not high risk.

OTOH, using IE, some script kiddie can place a malicious exe in a startup folder virtually undetected. High risk? Um, yeah.

A guy I do freelance for told me a few months ago that I'm "just waiting to be hacked" because I use open source and Macs. Rock on.

bousozoku
Jan 7, 2005, 08:36 PM
I'm not sure if Secunia mentioned it but the flaws were fixed in Thunderbird 0.9, Firefox 1.0, and Mozilla 1.7, if I remember correctly.

mcarvin
Jan 7, 2005, 11:33 PM
I'm not sure if Secunia mentioned it but the flaws were fixed in Thunderbird 0.9, Firefox 1.0, and Mozilla 1.7, if I remember correctly.

While in Redmond, 15 or 20 developers and execs are debating whether or not this is a bug or a feature. They'll get around to fixing it sooner or later - hopefully after Firefox picks up another 1 or 2 points.

Daveway
Jan 7, 2005, 11:37 PM
So where are the other 100 somethings threads telling us about IE holes?
:rolleyes:

Mainyehc
Jan 9, 2005, 08:12 AM
A guy I do freelance for told me a few months ago that I'm "just waiting to be hacked" because I use open source and Macs. Rock on.

Hmmm... I'm sorry to tell you, but we are kind of "waiting to be hacked". We don't exactly know when will that happen, but it will, eventually. If Apple introduces a cheap headless Mac this Tuesday, I think, security-wise, things may change on our side... Don't you think?

mcarvin
Jan 9, 2005, 09:37 AM
Hmmm... I'm sorry to tell you, but we are kind of "waiting to be hacked". We don't exactly know when will that happen, but it will, eventually. If Apple introduces a cheap headless Mac this Tuesday, I think, security-wise, things may change on our side... Don't you think?

Not really. The leet h4x0rz kiddies would actually have to work to get anywhere. The effort/result ratio wouldn't be as great as with Windows. Also, most average Mac users (way way way more than average Windows users, but not Mac experts) are more knowledgeable about how OS X works and know that Macs are more inherently secure than Windows PCs - have to be root to do anything serious but that's disabled by default and the recent security updates blocked the biggest back door, the help system scripting issue. Also, the virus/spyware/adware infrastructure is extremely Windows-centric. This just goes to reinforce the effort/reward theory mentioned above.

I generally do three things for my newbie friends: set up Virex to run weekly, show them how to do a permissions repair, and advise them that they should use VersionTracker or MacUpdate to find and research apps they're interested in. If the app isn't there, then they can always call or IM me and ask my advice.

Chew on this: would the purported headless iMac bump our installed base up enough to warrant the kiddies' time and attention?

solvs
Jan 9, 2005, 09:35 PM
So where are the other 100 somethings threads telling us about IE holes?
:rolleyes:
Dog bites man, not news. Man bites dog, news. :p By now everyone knows IE is like swiss cheese.