
Sounds like the lesson is don't run Adobe Flash and Reader..
How so?
My takeaway is "keep the fuck away from Firefox".
My scan of it was ...
The baseline modern browsers seemed Ok (not impossible to break into, but Ok) but Adobe Reader and Flash made it much easier.

The language of the article was a bit too gee-whizzy for my taste - it was hard to tell if any of them were all that much better than the others.

A story that's a bit clearer to me is - http://www.zdnet.com...uying-7000027331/

- Flash in IE sandbox bypass/overflow
- PDF in IE sandbox bypass/overflow
- IE sandbox bypass/overflow
- Chrome sandbox bypass/overflow
- Firefox sandbox bypass/overflow
- Safari sandbox bypass/overflow

It's great that these competitions are held and that differences are found, but I'm not sanguine that IE is somehow worth using. Devil's in the details.

- click on a link
= Are you sure you want to visit that site? It might be dangerous!
- click Yes.
= Are you really sure? Should I check it for you first?
- click Yes. Click No.

( Site HTML gets run through SBS&D and MS Security Bob and Don't Hijack Me Bro and ... on the client)

( 10,000 cookies are set and read, browser history is uploaded to several ad servers, and everyone is happy because there are no viruses or trojans! )

And so forth... :-/

Virus/Security battles are never-ending. Anything that has write access can potentially infect a computer...

http://en.wikipedia....licating_programs

In 1984 Fred Cohen from the University of Southern California wrote his paper "Computer Viruses – Theory and Experiments".[71] It was the first paper to explicitly call a self-reproducing program a "virus", a term introduced by Cohen's mentor Leonard Adleman. In 1987, Fred Cohen published a demonstration that there is no algorithm that can perfectly detect all possible viruses.[72]


FWIW.

Cheers,
Scott.
It's all a bit depressing.
It shows what happens when convenience trumps security. :-/

Wade.
Just Add Story http://justaddstory.wordpress.com/
You're assuming they actually made a conscious choice
--

Drew
Oh I know it's usually not.
It takes quite a lot of skill and ingenuity to implement security without sacrificing convenience. And that's when it's even possible.

Wade.
Just Add Story http://justaddstory.wordpress.com/
     Pwn2Own: all browsers hacked - (pwhysall) - (7)
         Sounds like the lesson is don't run Adobe Flash and Reader.. -NT - (Another Scott) - (5)
             How so? - (pwhysall) - (4)
                 My scan of it was ... - (Another Scott)
                 It's all a bit depressing. - (static) - (2)
                     You're assuming they actually made a conscious choice -NT - (drook) - (1)
                         Oh I know it's usually not. - (static)
         turn flash off, no aggravation waiting for it to gack - (boxley)
