funsec mailing list archives

RE: Security flaw touches Windows Media Player, IE

From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 21 Oct 2005 05:56:30 +1300

Larry Seltzer to Valdis:

Unfortunately, the software still comes with shiny clickable buttons 
that let you turn that stuff back on.  This is important because people 
*will* click on shiny clickable buttons if promised dancing hamsters as a 
result.


This is nonsense. It is not easy or obvious to non-experts how to change
this specific setting: 

      Tools-Options
      Security Tab
      Change the selected Zone in the list.


True but irrelevant.

Instead of depending on a gormless user hopefully having worked out 
that sequence of "shiny clickable buttons" for themselves, they use the 
IE exploit du jour to run code on the machine, which among other things 
shunts the security zone settings if desired...


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Security flaw touches Windows Media Player, IE Fergie (Paul Ferguson) (Oct 18)
- RE: Security flaw touches Windows Media Player, IE Richard M. Smith (Oct 18)
  - RE: Security flaw touches Windows Media Player, IE Aditya Deshmukh (Oct 18)
    - RE: Security flaw touches Windows Media Player, IE Richard M. Smith (Oct 19)
    - Re: Security flaw touches Windows Media Player, IE Valdis . Kletnieks (Oct 19)
    - RE: Security flaw touches Windows Media Player, IE Larry Seltzer (Oct 19)
    - RE: Security flaw touches Windows Media Player, IE Richard M. Smith (Oct 19)
    - RE: Security flaw touches Windows Media Player, IE Larry Seltzer (Oct 19)
    - RE: Security flaw touches Windows Media Player, IE Nick FitzGerald (Oct 20)