Neowin.net

Australia !!

WALES!

wales very gets mentioned

Bore da!

QUOTE

one of the reasons i like neowin is because this is one of the few places on the web where you can find people who know they have a choice, but for whatever reason choose IE (maybe due to a nasty slip in the bathtub at a younger age, but i digress). it's fun to watch their reaction whenever something like this pops up

There have been lots of security flaws reported in mozilla recently, therefore i fail to see how it has been proven that mozilla is flawless. I use IE most of the time and Mozilla some of the time.
Incidently all the non-geekly people who installed mozilla at the time when the US government first said they should are now exposed to the LibPNG Graphics Library Remote Buffer Overflow Exploit

I mean with IE flaws we all get to know about them, with mozilla flaws they are very under reported

QUOTE

I mean with IE flaws we all get to know about them, with mozilla flaws they are very under reported

Hmm... But this is a fixed bug right?
From both spoof pages, I just get error messages like:

QUOTE

XML Parsing Error: undefined entity Location: http://www.nd.edu/~jsmith30/xul/test/browser2.xul Line Number 231, Column 35:ą쀈ƒ֨׻ ----------------------------------^

Anyway, Fx bugs are underreported since the browser isn't very common.
IE bugs are more important to know about due to the amount of users affected by them.

QUOTE

LibPNG Graphics Library Remote Buffer Overflow Exploit

Yes, but just like with IE, you should upgrade your browser when updates are available. This one was also fixed. The difference that's usually seen (and I speak from own experience) with Firefox isn't that exploits don't exist -- they certainly do -- but that exploits are more quickly fixed.

Speaking of PNG, I really hope they make IE 7 support alpha transparency without using DirectX filter tricks.

Last edited by 21023 on 13 Sep 2004 - 14:15

i never said mozilla was 'flawless.' what software is?

QUOTE

Hmm... But this is a fixed bug right?

The point was if i had followed the advice of the US government when the said my computer could have been taken over by looking at a doggy .PNG.

QUOTE

Anyway, Fx bugs are underreported since the browser isn't very common.

I heard that usage was at 14% which is pretty high. Most people don't like updating software, especially if they never hear about the reason why !

A big rubber sheath over your PC that prevents you from really accomplishing anything?

Damn right... I installed it recently having not tried it since it first came out, and the damn thing couldn't even CONNECT to the internet through my router, so a pretty thick rubber shield it's got right there!! The first browser I've tried which can't!

Opera, the browser that's SO secure, it can't even connect to the internet!

FFM

Man, your router really sucks

damn rigth u are. a guy who cant get a browser to work, he needs some doses of neowin.

Funny you should say that... Not a single other piece of software has any trouble with it! Just Opera... and yes, it really DID surprise me too cause I'm well aware of how good it's reported to be

I'm not slagging Opera off, I was just gobsmacked that it couldn't detect my router, let alone traverse my NAT!
IE autoconfigures for it, Mozilla autoconfigures for it, Firefox autoconfigures for it, Hell... even Netscape autoconfigures for it. Opera won't even manually configure let alone automatically!

FFM

"Considering the high amount of german hacker kiddies there are in germany"

lol, are you saying there are unusually many hackers in Germany? Why do you think that?

QUOTE

I suspect the same people would willingly hand over credit card details if someone pretending to be from the bank called them up on their mobile.

You're probably very right there. My mum works in the local supermarket and as the UK is rolling out this Chip & PIN thing on bank cards etc she has to start asking people if they know their PIN number or something. It's amazing the reactions she gets. Some people say "Yes but you're not having it!!" while others will just give her their PIN. Considering the amount of access she has to those cards she could easily do quite a bit of damage, methinks.

People are idiots *sigh*

(PS: I still use IE. Hack me. I dare you.)

The germans are a rather special folk. Of everything that exists, they've always multiple times more than any other european country. Especially when it comes to electronics trendwhoring.

Well, I had a german at my place and she wasn't particularly trendy at all, her friends having a lot of fun shopping etc, but it's not like there's any exclusive stuff to find where I live. And then you'd think she was *unusually* into these things since she was a girl.

I somehow doubt they were unusual too. Sounds like a nasty case of German-jitter

Phishing could be eliminated with the installation of S/MIME gateway servers. Each business could have it's own certificate server (provided in Windows Server 2003 and other systems) which could then be trusted by a major cert provider.

All outbound messages would be signed as coming from the company - and all inbound messages would be verified as well - without having to roll-out and configure S/MIME on every users machine and issue them each with a digital ID.

Best of all, this would enable encrypted communications with your service providers. They could email passwords, account balances, account numbers, etc. Currently most organizations mail or phone such information after a cursory check like "what was the amount of your last deposit?"

Such questions are easy to defeat. Anyone with an account number can make a deposit - so all you have to do is deposit $1 into the account and when they ask the question, the perp can answer confidently. And you don't need any ID to deposit funds into someone's account, so it could be done anonymously.

At least with S/MIME you know who you are talking to.

I agree about all you said, and that's one reason I use Firefox.

Are we forgetting the problems caused by ActiveX now? There has to be some actual holes if a browser is to be less secure. I can't see how Firefox could get less secure than IE.

C'mon. We all know that it'll happen sooner or later. Might as well get the truth near the top of the page.

QUOTE

If Firefox (which is what I use, BTW) were to gain IE's popularity, then it would be the one targeted....

I agree... security is OBVIOUSLY dependant upon the number of people that use a product, rather than the developers and security philosophy.

Do people not get bored of dragging out that response everytime Firefox is mentioned??

Does that mean all cars are equally safe and that only the number of owners affects the crash rate? Does that mean that all padlocks are just as secure as each other and it is only the number of users that affects how many are broken into?

Care to spread anymore crap? I'm not saying that Firefox is never cracked or is perfectly secure - but arguing that it would suddenly turn to crap when people start using it ISN'T a very sound arguement.

t.a.c.f.y.

QUOTE

...(some stuff of doubtful veracity)... but arguing that it would suddenly turn to crap when people start using it ISN'T a very sound arguement.

Oh, but for the joys of reading - - - WITH COMPREHENSION! I'm not gonna re-quote Ironmans statement, you've already done that, and it didn't seem to stick. He didn't say anything about a product turning to crap because it was the most popular. At least, I don't see "crap" listed as a synonym for "popularity" in any of the dictionaries I can find.

Drop the Evelyn Wood course, and go back to reading for understanding instead of speed. You'll enjoy life a whole lot more, trust me.

So decrees....


Da Judge

Sorry, but I agree with t.a.c.f.y. if not maybe with his choice of words. But it's obvious does think there is a direct relationship between vulnerabilities and popularity as you can see from this statement:

QUOTE

IE is vulnerable because it's popular

Which is total BS of course, a product is either vulnerable or it isn't, the only thing popularity does is find those vulnerabilities really quickly.

What I do agree with is that Mozilla/FireFox each have their own share of vulnerabilities and their rising popularity will show in the end if they are really much more secure or not.

I agree with Ironman. Hackers are after the most gain for the least effort (ie. they are lazy) and are obviously going to target the browser with the most users to get the most effect. With the advent of Service Pack 2 for XP, I dont think IE is any less secure than any other browser, firefox included. Plugins can no longer install without your knowledge and users actually have to ACCEPT things to become infected now.

I think the only solution to alot of these security concerns is USER EDUCATION. I know at least 3 people who have been to PC World and purchased a PC and just plugged it into the internet without any kind of protection like a firewall or anti-virus and then were surprised when their PC suddenly stopped working correctly.

Although I know this will probably not get read since it's not new news anymore, my point was not that popularity=vulnerability. My point was that holes exist everywhere. The exploits to take advantage of those holes increase as the popularity increase. I find it very hard to believe that Firefox is a true iron wall of security that has no bugs or holes. These holes are not exploited because of the smaller (although growing) user base, as someone posted above, hackers are lazy.

As far as ActiveX, which was a big security hole, it was a matter of making a web browser more user friendly. Imagine, if you will, a house. If it had no doors or windows, it would be very secure, yet hard to get in and out of. That's why most houses have windows and doors, even though most burglars break in through them. Sure, a burglrar could develop a plan to blow a hole straight through a wall, but why shoudl he? The delicate balance is to make an item (house, browser, car, girlfriend) as user friendly as possible while still securing it against the bad people.

The flaws in Active X far outnumber the benefits, it was a bad idea.

true. and at least a regression bug in firefox won't take down your entire system and require a reformat.

Obscuriy? And here I thought Mozilla was open source... yep obscurity

Secunia does not know how to count vulnerabilities. IE has many more than 18 if you include ActiveX and other technologies used within IE. Those guys don't actually research/test for bugs, they only report on them and often "after" MS has released a patch for them.

I would not trust secunia any farther than I could throw them.

Secunia does seem to be heavily biased in favor of Microsoft. They only show Windows XP as having about 3 times as many vulnerabilities as OS X.

Nope. 'DickKopf' could be translated 'fathead'. But 'Dickkopf' is synonymous for 'stubborn' in german...

Actually, "dicke" is pronounced "deeka", and is a direct translation for "thick". In most dialectic vernacular, it is a collloquilism for "a person of exceeding girth", just as English speakers use "fatty" as an insult. Used in this sense, it certainly does translate directly to "fathead", although it would probably be shunned in High German.

But I've yet to meet a German who demands that I use only High German - they too are rather fond of idioms and street slang.

So remembers....


Da Judge

That is exactly what I was thinking.

QUOTE

I will never understand why someone would defend a browser with "less" features and "more" security vulnerabilities.

You must be new here. Welcome to neowin. Here is a quick guide to get you started:

At neowin, the following are considered good:
1. microsoft
2. IE
3. Intel
5. republicans & G. W. Bush
6. xbox

At neowin, the following are considered to suck:
1. IBM & Apple
2. Mozilla
3. AMD
4. GNU/Linux
6. Sega & Nintendo & Sony

Please post accordingly in the future.


Last edited by 2629 on 14 Sep 2004 - 06:13

I really do hope your joking.

QUOTE

I really do hope your joking.

LMAO... it sounds about right, actually.

Someone really is going to have to fill me in on this whole fan boy thing, i just don't get it. The way i see it is most of us are all looking for the best and newest developments and innovations in technology and doesn't sticking to one vendor like a lover kinda defeat that logic. IE is a prime example of this, its a browser that hasn't been updated in three years and even its developers have admitted its behind the times, so why do people call others foolish for using something else.

As for the security issues regarding IE, can you really blame security departments for advising users to switch browsers, because as it stands IE is not a very secure browser and its not only the percentage of users that is the reason for this, despite the majority of people thinking it is although i am not dismissing it as a big factor. Many of the failing of IE are its total intergration with the OS and not to mention the cock up that is Active X. IE has, and im sure will continue to cause massive downtime and loss of data. It is the job of these firms to advise people on appropriate actions to take including changing browsers, not because they have a grudge against MS but because it is the prudent course of action to take.

Oh yeah and about your points about whats good and bad on neowin

1) MS is good, they have made great office software and a fairly good OS, not to mention great innovations like Media Centre (Although the method of getting it is pretty crappy). IBM can't be bad if you like MS, because don't forget its their chips that are going into the next gen XBOX that according to your list is also a good thing to like. Apple is a great company and its hard to dispute that they are pulling ahead in the OS department and not letting users down by pulling features to make deadlines (anyone remember Cairo, wonder if WinFS is going to be another actual product turned vision of the future due to lack of resources) also they have the whole digital music market, iPod and pretty damn good hardware, not to mention an actual realisation that looks and and function are major attributes in modern day computer use.

2) IE is good i will admit that, it has a great engine that was worth every penny MS paid for it, although feature wise its pretty behind and i think will be until Longhorn ships. Other browsers are keeping up to date and one of the most popular of them is Mozilla, and not everybody uses it in some misguided attempt to stick it to MS, currently as far as security and features goes its ahead of IE good enough reason in my book to like it.

3) Someone else is going to have to explain processor love, the way i see it AMD and Intel are just in a race and so far there has been no clear winner, one is in front one month, the other takes over the next month. Also horses for courses could be a good analogy for processor choice.

4 & 5) im not going to answer the party choice as im not an American, although what affects your declining economy affects ours and i personally don't see Bush as being bright enough to run the US, he has had a bad term and i wouldn't like to see an encore (IMHO my reasons don't belong in this thread). As for the clearly racist point you made, all i will say is a big FU and hope the admins spot your post but i will go ahead and report it anyways, just in case.

6) I fail to see how anyone can hate SEGA, Nintendo and Sony as all three of these companies have brought us hundreds of great products over the years and im sure will do in the future.

Also i was being deadly serious about fan boy'ism being explained to me, i really don't get it and actually find it kinda sad. If anyone can give me a valid reason for falling head over heels for a company or platform losing the ability to see what else is on the market i will concede but it better be a good reason.

Yes its true IE is the most targetted browser, however, its the fundamental design of the browser and the way its tied into the OS that is the issue. Active X was never a good idea ever.

agree but what about apache is the most used webserver and it have less flaws than the microsoft one so ie is vulnerable not because its the most used only is it because its bad designed

QUOTE

not because its the most used only is it because its bad designed

You said it man

I think the only way for people to stop bitching is for microsoft to start developing software as if they were making toys for babies.

Actually i would say that MS need to make the computer safer at default levels. Nothing is going to change the way most people feel about computers for most they are just tools and thats it. i know sod all about fixing my car because when it comes to anything other than driving it i just don't care, chances are i will never care and for most people with a computer its the same thing.

They could for example

Get rid of the mistake that was Active X or at least add a sandbox.
Actually use a permissions system.
Not load up services that are not needed.
Make automatic updates on by default.
de-intergrate IE from the OS.

These are just five things that should of been done in the development of XP and more skilled users than i would be able to point out many more, most of them are too late to do now and most of SP2 should also have been part of the initial offering. Guess we will have to wait to see what longhorn brings us, i hear they are trying to firm up but we will see.