close

Privacy guaranteed - Your email is not shared with anyone.

I.E. Bugs. Fix one and here comes another.

Discussion in 'Tech Talk' started by Linux3, Sep 24, 2012.

  1. Linux3

    Linux3

    Messages:
    1,399
    Likes Received:
    0
    Joined:
    Dec 31, 2008
  2. GlockFanWA

    GlockFanWA

    Messages:
    773
    Likes Received:
    46
    Joined:
    Sep 9, 2012
    Location:
    Washington

  3. sappy13

    sappy13

    Messages:
    2,666
    Likes Received:
    1
    Joined:
    Sep 30, 2007
    Location:
    Bremen, GA
    we have 2 clients who have had some flash/IE issues. Only surefire fix we have found is to disable the shockwave plugin. Its either that or they cant access their banking sites that utilize ssl.
     
  4. GlockFanWA

    GlockFanWA

    Messages:
    773
    Likes Received:
    46
    Joined:
    Sep 9, 2012
    Location:
    Washington
    Flash is the devil, no web site should be using it IMO. I usually tell people to enable it by site as needed.
     
  5. Linux3

    Linux3

    Messages:
    1,399
    Likes Received:
    0
    Joined:
    Dec 31, 2008
    But because Firefox and Chrome run in user space potential for harm is much, much less than with I.E. that has hooks into kernel space.

    It is an I.E. flaw in that it's written with no real security in mind.
     
  6. ArrowJ

    ArrowJ

    Messages:
    268
    Likes Received:
    1
    Joined:
    Jun 2, 2004
    Location:
    Illinois
  7. ron59

    ron59 Bustin Caps

    Messages:
    6,927
    Likes Received:
    23
    Joined:
    Jan 3, 2009
    Location:
    Smyrna, GA
    Obviously by your user name you're a Linux guy.

    I don't have the links handy, but being a software developer, I keep up on the news. There have been several *critical* issues over the years involved with Linux.

    Here's one:
    http://www.networkworld.com/community/blog/linux-finally-fixes-six-year-old-critical-bug
    AT THE KERNEL LEVEL. That's pretty serious, and even worse is that it was reported in 2004 but the "fix" never made it to released code or some such nonsense. Really?

    Here's another:
    http://www.theregister.co.uk/2009/08/14/critical_linux_bug/
    Pretty sure it's a different issue.

    There's probably a lot more lurking around, but the hackers aren't targeting Linux because it doesn't have the market share Windows does.

    So easy with the criticism and snobbish elitism... your world is nowhere near as "neat" as you might think it is.
     
    Last edited: Sep 25, 2012
  8. Linux3

    Linux3

    Messages:
    1,399
    Likes Received:
    0
    Joined:
    Dec 31, 2008
    Did you really read this? The system has to be already compromised for this flaw to be exploited. OK, so if you can crack into a system by a method that doesn't exist... Then you can run this exploit and further change from a user to root. Silly
    Yet another "proof-of-concept" crack that has never resulted in a crack of a system.
    Who cares about market share? If crackers were only interested in playing around with desktop systems then yes, MS has a larger share but exploits are about money! Banks everywhere, the New York Stock Exchange, London Stock Exchange, Google, Nasdaq and Wall Street run Linux. That's where the money is and the reason they use Linux is SECURITY.
    Point me to links about Linux systems that were cracked. Not "proof-of-concept", but actual cracks.
    Get out of your dream world. MS has the major share of the desktop, so what. All the big iron, and the big servers use Linux.
    Apple is a much larger company than MS and they use BSD Unix on their desktop and with that and iOS they are making a ton of money. Why? Ease of use and security. iOS and Android are becoming the dominant force on the web.
    Microsoft has the most desktop systems. Big whoop and who cares. The cloud ( Linux servers) and iOS and Android are taking over the Internet.
    Yes, Microsoft is a big company and will be around for years on the desktop but that's not where the future lies.
    Real security engineers know what OS to run.
     
    Last edited: Sep 25, 2012
  9. GlockFanWA

    GlockFanWA

    Messages:
    773
    Likes Received:
    46
    Joined:
    Sep 9, 2012
    Location:
    Washington
    Running in Protected Mode

    Pre-IE 8, especially IE 6, there were a large number of security concerns. With IE 9 and higher MS has taken great steps to eliminate bugs and improve security. Run in protected mode, use inprivate browsing, and don't be a dillweed surfing and you are pretty much as safe as using any other browser out there.
     
  10. ron59

    ron59 Bustin Caps

    Messages:
    6,927
    Likes Received:
    23
    Joined:
    Jan 3, 2009
    Location:
    Smyrna, GA
    While some attacks are against servers (stealing CC numbers and the like), MOST of the attacks aren't THROUGH servers, but instead individual PCs and client software such as the browser. (Flash, Adobe, IE, FF, etc).

    The concepts of breaking into an individual's PC and installing software to "take it over", make it do DoS attacks, and such.... that's done at the PC level. I would say the vast majority of problems are at the individual PC level, not server level. Even this thing you reported is IE related, not IIS related.

    I am proposing that Linux software and applications are just as prone to bugs, BUT THE HACKERS DON'T BOTHER, as there isn't enough return on the investment.

    1. They're really going to be able to succeed with unsophisticated users. Yes, most of those users use Windows as it's "simpler" than them.

    2. You wouldn't be able to "fix" that by having them install Linux. Why? Too complicated for them.

    3. Most people who bother to install Linux are probably more sophisticated than your typical user and aren't going to click on suspicous links and stuff.

    4. So you have a OS (Linux) that has small market share, run by more sophisticated users. And therefore the Hackers don't want to spend the time for the low return on investment. Does that mean Linux itself is a better product? I don't think so.

    5. Windows would be way more secure if people would create user logins that weren't administrative level. But then that restricts them sometimes in day to day activities. So they promote the user to admin level. And open themselves to problems. I wonder how often the same thing happens in the Linux world.

    Since your OP was about IE (a client application on an individual PC), that is the realm of this discussion, NOT to bring in points about the OS that runs on Servers.

    You want to create a thread and debate server OS's that's fine. But for this context, all of your points are moot. You can try again though.
     
    Last edited: Sep 28, 2012
  11. GlockFanWA

    GlockFanWA

    Messages:
    773
    Likes Received:
    46
    Joined:
    Sep 9, 2012
    Location:
    Washington
    Bingo, which is why Apple has seen an uptick in attacks, getting enough market share to make it worth while for an attacker.