• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

OMG! 19 Year Old Vulnerability Only Now Patched????

Skaendo said:
Keeping my mouth shut so I don't get called a Windows hater.
Click to expand...

No!!! I would never, ever do that!!!!! I never do broad brush anything---tho, OK, I have seen that here.

Since having come up this....I think I have not blinked once. My blinking mechanism.....has been frozen.
_____________________________________________
PS: No small irony, only the other day, a special friend of mine, possibly the most brilliant and famous cryptologist in the world....he still has only two old Macbooks and one one runs what you do, but on the other, he runs old OSX....during a lovely, heady exchanger....raised the issue of the extent to which I trust MS.

I replied saying, Phuleeezae....I have no illusions about MS, and then tried to prove it by delineating their ignoble history in detail.

From the minute I came out, my mom said I am too trusting.
 
Last edited:
Skaendo said:
Just in case someone gives flak about HuffPost: (seen here also)
http://www.cnet.com/news/microsoft-patches-19-year-old-windows-bug/
Click to expand...

Truly....does a bug have to be purple and gargantuan to be detected??????

I thought I did such a splendid job of defending W7 to my genius friend!!!!

OMG.....this is crazy scary.

I am not ready to link him to this thread...cause I am not ready yet to endure I told U sos.
________________________________________________________
While I do retain IE 11, IE has not been my default browser for a VERY LONG TIME. I almost never use it.

In another recent thread here, members are happily weighing in re how fabulous E 11 is...how warpspeed, how much better than FX based anything, including Chrome.

Good I did not buy into it. Cept I guess the cheerleaders for it are now safer.
_________________________________________________________
Plus it appears it still works back to being simply savvy re not hitting iffy links, never downloading mysterious attachments and the usual. THE BASICS.

I know I am feeling less gob smacked....cause I just blinked.

And fading Big Blue just reclaimed some of its former blueness. Also, props finally to MS for at least working with them on this.
 
Last edited:
I haven't used IE since like 7 or 8. But recent 'hacking conferences' have shown that FF has just as many flaws. Until now, since they are looking at Tor code/settings.

*Which in turn might make Tor a little less secure since Mozilla is considering setting up some Tor nodes. Then could possibly be forced by 3 Letter government agencies to let them 'collect data'.
 
Last edited:
Virgorising said:
Tell me, what is yr default browser?
Click to expand...

Iceweasel on daily Linux box, Firefox on Windows machines, Tor on secure Linux (Tails).

*I refuse to use google or any related products. IMO they are just government spys. I dont even use android anymore, or any smartphone for that matter.
 
Last edited:
Skaendo said:
Iceweasel on daily Linux box, Firefox on Windows machines, Tor on secure Linux (Tails).
Click to expand...

Thanks! Interesting! I only just learned about Iceweasel for the first time via the link I put up.

Also nice to know you still run Windows, at least on some systems, and run FX on those. I am currently running Pale Moon. Can't avoid running scripts temporarily. It's just not an option.

And re yr take on all things Google, OMG, I came to that like 18 mos ago and got rid for all of it!!!! Is IXquick as helpful or thorough? NO. but I try to stay strong re search engines too.

Course, I am not total addict as is everyone I know, but I do not leave the house without my Samsung Galaxy, and as U can see, I do chose android.
 
Last edited:
I rooted all my androids and got rid of everything google branded (as much as I could).

Firefox has not proved to be very secure. Well at least it's as secure as IE. I don't think anything can be 100% secure though.

Especially cell phones, what with the interceptor towers, SkyLock and StingRay mobile cell phone interceptors.
 
Last edited:
Skaendo said:
I rooted all my androids and got rid of everything google branded (as much as I could).
Click to expand...

I am not up to that yet. I am very attached to my phone. but the expunge Google from my go to puter? U BET....and, I've posted that here more than once.

I could feel the second they crossed the line to total abrogation re privacy invasion....they'd been moving insidiously in that direction before that point....but once they put a toe over that line, I said, YOU GUYS R HISTORY.

Face it, debated this with my world famous genius friend recently too....NOTHING will every be impervious to hacking...NOTHING. He knows it too, of course.

The challenge is to remain vigilant and make enlightened differential decisions ongoing re which is the safest of the available, imperfect OSes, browsers, search engines, etc.

I always wonder if anyone carries an awareness of the reality of having an active Facebook account....increasingly, given what they hadda do to monetize it.
 
Yea, I got rid of facebook years ago when they first started 'updating' their privacy policy.

For searching I've been using DuckDuckGo. They say they don't track. I don't know about ads though, I use adblock for that.
 
Skaendo said:
Yea, I got rid of facebook years ago when they first started 'updating' their privacy policy.
Click to expand...

O! I did the same!!! I still retain Twitter account only for emergency tweets.

Skaendo said:
For searching I've been using DuckDuckGo. They say they don't track. I don't know about ads though, I use adblock for that
Click to expand...

I tried DuckDuck....but then tried IXquick and liked it better. You may wanna try it.

https://startpage.com/eng/press/proxy-anonymous-browsing.html

Anyhow, it appears Windows, IE esp is now finally safer....and, I am sure we are all meant to learn from this revelation, beyond simply the nuts and bolts of a given OS or a browser.
 
Skaendo said:
Thanks. I'm going to give it a try. Looks good. I like their privacy policy. Clean, short and to the point.
It's like Startpage used by Tor.
Click to expand...

They're the same company. Startpage is anonymized pure Google results, while Ixquick is an aggregator like DuckDuckGo.
 
Skaendo said:
Keeping my mouth shut so I don't get called a Windows hater.
Click to expand...

The unfortunate fact is that all operating systems have vulnerabilities and everyone should assume there is something on their system that can be exploited. 19 years is a long time for a hole to be around, but then again Bash was vulnerable for 20 years so nothing is safe it seems.
 
Skaendo said:
Firefox has not proved to be very secure. Well at least it's as secure as IE. I don't think anything can be 100% secure though.
Click to expand...

I wouldn't put Firefox in the same category as Chrome and IE11. The latter two have better mitigations in the form of their sandboxing and low/untrusted integrity processes (on Windows). On Linux the Chrome sandbox is likely even more secure than on Windows if used with a kernel patched with gresecurity (PaX/chroot restrictions).

The latter part of your statement is correct though, nothing is 100% secure. All you can do is hunker down behind the various mitigating techniques that can be used and keep stuff up to date (and use your brain). And on the topic of linux, the state of security on a vanilla linux kernel is laughable so stuff like this:
Skaendo said:
Keeping my mouth shut so I don't get called a Windows hater.
Click to expand...
Really doesn't amount to anything especially in the context of security. Lets also not forget that Debian (which is my distro of choice) has only recently started caring about shipping certain packages with more security focused mitigations enabled (PIE, relro, stack protection). Some of the recent bash bugs may have been defeated by ASLR if distros actually shipped a bash package compiled with PIE (debian does not, debian also uses dash by default for /bin/sh so it was less of an issue but still).
 
DaveStall said:
The unfortunate fact is that all operating systems have vulnerabilities and everyone should assume there is something on their system that can be exploited. 19 years is a long time for a hole to be around, but then again Bash was vulnerable for 20 years so nothing is safe it seems.
Click to expand...
Lets just call it 'The Year of the Bugs'!
TheRyuu said:
I wouldn't put Firefox in the same category as Chrome and IE11
Click to expand...
I haven't trusted IE for some years now, and I don't trust anything that has been cooked up by Google so no Chrome for me thank you very much. Not that I trust FF/IW completely, I just generally don't do stupid things on the internet and FF/IW seems like less of a target (on my Debian distro).
 
Skaendo said:
I haven't trusted IE for some years now, and I don't trust anything that has been cooked up by Google so no Chrome for me thank you very much. Not that I trust FF/IW completely
Click to expand...
I feel like your statement can be taken the wrong way so I should probably clarify, your original statement was this:
Skaendo said:
Firefox has not proved to be very secure. Well at least it's as secure as IE.
Click to expand...
Which is not true due to the better sandboxing and use of 64-bit processes in IE11. This is an evaluation of the mitigations that those respective browsers have. Firefox just isn't very good in this regard.

I'm curious what specifically you don't trust about Chrome (or the completely open source Chromium for that matter) although I suspect the answer is just going to be "Google". Feel free to capture some packets and prove something more substantial. It does have settings that can control stuff related to privacy you know... (IE does as well).
Skaendo said:
I just generally don't do stupid things on the internet and FF/IW seems like less of a target (on my Debian distro).
Click to expand...
I see you like to gamble. I hope you take steps to harden your setup.
 
TheRyuu said:
I suspect the answer is just going to be "Google".
Click to expand...
More specifically, The relationship Google has with government agencies and how they spy, on everyone.
Which leads to the next obvious conclusion, Linux is on my daily laptop, not to mention my current Win10 test rig is my normally HDD-Free live Linux laptop. Because everyone knows you can't trust MS either since they work hand in hand with 3 letter government agencies, collecting right down to keystrokes in Win10TP.

I wouldn't be at all surprised if the reporter that is saying that she has been hacked by a government agency, if they used that exact vulnerability to gain access to her computer, and MS was told to have it there for just that reason. Just like when the NSA asked Linus Torvalds to create backdoors in Linux for them, but of course US companies would have caved to the pressure.
 
ketchup79 said:
Thank you. The first article was about as vague as one could get. Reading the details makes me think that most modern browsers (aside from IE) would prevent such an occurrence.
Click to expand...

I would not count on that.:|
______________________________________
Late edit: one of the things I cherish about community and"villages" is team efforts can thrive.
 
Last edited:
Skaendo said:
Keeping my mouth shut so I don't get called a Windows hater.
Click to expand...

Shellshock says Hi.

But seriously, they've all got vulnerabilities and by definition the vulnerability is there *until* we stumble upon it or catch someone using it in the wild. The first rule of programming is that there's no such thing as bug-free code.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top