Dailydave mailing list archives
Real Security
From: Dave Aitel <dave () immunityinc com>
Date: Sat, 20 Oct 2007 12:34:19 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We released a reliable exploit for the new RealPlayer bug into CANVAS Early Updates this morning which makes me wonder why NASA retracted their request for all their contractors and employees to use Firefox instead of IE, instead asking them to just uninstall RealPlayer.[1] I thought the original request made a lot of sense: If the employees stop using IE, they don't have to worry about the next big ActiveX vulnerability. And it's something you can easily block at the gateway of your organization: just filter on UserAgent. In any case, it was more ballsy than you'd expect from a big government organization. - -dave [1] http://www.infosecblog.org/2007/10/nasa-bans-ie.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHGi4JB8JNm+PA+iURAlsgAJ90fAuWJS0GcKNHFTcXP5JpnDBdUQCfSDJk x4BFwUoF1anZEy1H+x6Iz48= =ww/j -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Real Security Dave Aitel (Oct 20)