From: Fish (fishINFIDELS.ORG)
Date: Fri Nov 28 2003 - 02:37:37 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nick FitzGerald wrote:

<snip>

> If you give half a nob of goat s**t about your security,
> turning off active scripting has been necessary since IE
> has supported it. [...]

<snip>

> "Active content" is just wrong.
>
> Self-modifying active content doubly so.
>
> If you must use IE just say no to scripting

You'll get no argument from me. :)

> as nearly every exploitable vulnerability in IE ever has
> required scripting to actually make it usable and thus useful
> to your potential attackers.
>
> However, if you or your users prefer web sites that work
> (because so many of them are "designed" ...
<snip>
> ...[to use] scripting, [...]) then consider using another
> browser.

Or selectively dynamically disable/enable scripting on a web-page by
web-page (or site by site) basis via a product such as AdCruncher
Proxy (http://home.sprintmail.com/~dtrout/AdCruncher/ReadMe.html),
which not all pop-up blockers do.

(Is this better Russ? :)

- --
"Fish" (David B. Trout)
   fishinfidels.org

Fight Spam! Join CAUCE!
http://www.cauce.org/

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBP8cJUEj11/TE7j4qEQI8KwCfS4hW11r3/j15ufy5Ut3h1e0W2zcAoJRO
XtzbKLICGDpgh67hqkMvCI+h
=q75P
-----END PGP SIGNATURE-----

----
NTBugtraq subscribers save $103.00 off the TICSA exam by using promo
code "NT1003" when registering to take the TICSA exam at www.2test.com.
Prove to your employer and peers that you have the knowledge and
abilities to be an active stakeholder in today's enterprise security.
Become TICSA certified www.trusecure.com/ticsa. Promotion expires
12/31/03 and cannot be used in combination with other offers.

----

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]