Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: CRITICAL??? - Seven New Flaws in Internet Explorer not addressed by MS03-040 or MS03-048
From: Fish (fishINFIDELS.ORG)
Date: Fri Nov 28 2003 - 02:37:37 CST
-----BEGIN PGP SIGNED MESSAGE-----
Nick FitzGerald wrote:
> If you give half a nob of goat s**t about your security,
> turning off active scripting has been necessary since IE
> has supported it. [...]
> "Active content" is just wrong.
> Self-modifying active content doubly so.
> If you must use IE just say no to scripting
You'll get no argument from me. :)
> as nearly every exploitable vulnerability in IE ever has
> required scripting to actually make it usable and thus useful
> to your potential attackers.
> However, if you or your users prefer web sites that work
> (because so many of them are "designed" ...
> ...[to use] scripting, [...]) then consider using another
Or selectively dynamically disable/enable scripting on a web-page by
web-page (or site by site) basis via a product such as AdCruncher
which not all pop-up blockers do.
(Is this better Russ? :)
"Fish" (David B. Trout)
Fight Spam! Join CAUCE!
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4
-----END PGP SIGNATURE-----
NTBugtraq subscribers save $103.00 off the TICSA exam by using promo
code "NT1003" when registering to take the TICSA exam at www.2test.com.
Prove to your employer and peers that you have the knowledge and
abilities to be an active stakeholder in today's enterprise security.
Become TICSA certified www.trusecure.com/ticsa. Promotion expires
12/31/03 and cannot be used in combination with other offers.