News
October 1, 2006
Hot on the heels of new Firefox security chief Window Snyder...
Poster: Logan King
Posted on October 1, 2006 at 6:12:24 PM
A new and possibly crippling flaw in Firefox is discovered.
It appears to me that all that is needed to avoid it is NoScript and some common sense, but those without either may be in very large trouble.
Quote
"Internet Explorer, everybody knows, is not very secure. But Firefox is also fairly insecure," said Spiegelmock, who in everyday life works at blog company SixApart. He detailed the flaw, showing a slide that displayed key parts of the attack code needed to exploit it.
The flaw is specific to Firefox's implementation of JavaScript, a 10-year-old scripting language widely used on the Web. In particular, various programming tricks can cause a stack overflow error, Spiegelmock said. The implementation is a "complete mess," he said. "It is impossible to patch."
It appears to me that all that is needed to avoid it is NoScript and some common sense, but those without either may be in very large trouble.
June 26, 2006
Bugs are Good for the Internet
Poster: Aron Schatz
Posted on June 26, 2006 at 2:11:00 PM
How can you secure something if you don't discover an exploit. The law should promote white-hat hacking (PDF). I agree with the statement. Not all hackers and hacking are bad.
Quote
Exploitation of security holes prompts users and vendors to close those holes, vendors to emphasize security in system development, and users to adopt improved security practices. This constant strengthening of security reduces the likelihood of a catastrophic attack -- one that would threaten national or even global security [...] Current federal law, however, does not properly value such strategic goals.
Page:
[1]