Ειδήσεις του dotNETZone.grhttps://www.dotnetzone.gr:443/cs/forums/10/ShowForum.aspxΣχολιασμός των ειδήσεων της πρώτης σελίδας του dotNetZone.grelCommunityServer 2.1 SP3 (Build: 20423.1)Writing Secure Web Browsers in Hardhttps://www.dotnetzone.gr:443/cs/forums/thread/1943.aspxThu, 12 May 2005 08:37:02 GMT2622095e-976c-431a-859e-16783ec7ecd7:1943George J. Capnias0https://www.dotnetzone.gr:443/cs/forums/thread/1943.aspxhttps://www.dotnetzone.gr:443/cs/forums/commentrss.aspx?SectionID=10&PostID=1943<p align="justify"><font face="Georgia" size="2">Πριν από καιρό όταν πρωτοπαρουσιάστηκε ο FireFox όλοι πίστεψαν ότι ένας ασφαλής Web Broswer είχε εμφανιστεί. Από την στιγμή που το Mozilla Foundation αποφάσισε να προσφέρει αμοιβή στον καθένα που έβρησκε ένα σοβαρό security hole στο Web Browser του, άρχισε να πέφτει βροχή security holes! Ενώ ο FireFox ετοιμάζεται για το 1.04 release του, πολλά ερωτηματικά υψώνονται για την ασφάλεια που παρέχει...<br /><br /> <table class="itemlayout" bordercolor="#cccccc" cellspacing="0" cellpadding="0" width="90%" align="center" border="1"> <tbody> <tr> <td> <table cellspacing="0" cellpadding="5" width="100%" bgcolor="#eeeeee" border="0"> <tbody> <tr> <td class="controlbutton" align="middle" width="25"></td> <td class="windowtitle" width="100%"><font face="Tahoma" size="2"><strong>Writing Secure Web Browsers in Hard</strong></font></td> <td class="closebutton" width="25"></td></tr> <tr> <td class="windowbackground" colspan="3"> <p><font face="Tahoma" size="2">I'm not making excuses, just stating facts. In fact, I just read this from SANS... emphasis is mine.</font></p> <p><a target="_blank" title="http://www.sans.org/newsletters/newsbites/newsbites.php?vol=7&amp;issue=19" href="http://www.sans.org/newsletters/newsbites/newsbites.php?vol=7&amp;issue=19"><u><font color="#0000ff"><font face="Tahoma" size="2">http://www.sans.org/newsletters/newsbites/newsbites.php?vol=7&amp;issue=19</font></u></font></a></p> <p align="justify"><em><font face="Tahoma" size="2"><strong>Fixes Not Yet Available for Firefox Vulnerabilities</strong> (9 May 2005)<br />Two vulnerabilities in the Firefox web browser could allow attackers to gain control of users' computers just by getting them to visit a maliciously crafted web site. Mozilla is recommending that Firefox users disable Javascript or lock down the browser to prevent it from installing additional software. There is no a patch available, although information about the vulnerabilities and proof-of-concept exploit code have already been released. Mozilla plans to release an update, Firefox 1.0.4, as soon as possible.<br /><br /></font>&nbsp;- </em><a target="_blank" title="http://informationweek.com/story/showArticle.jhtml?articleID=163100338" href="http://informationweek.com/story/showArticle.jhtml?articleID=163100338"><u><font color="#0000ff"><font face="Tahoma" size="2"><em>http://informationweek.com/story/showArticle.jhtml?articleID=163100338</em></font></u></font></a><br /><em>&nbsp;- </em><a target="_blank" title="http://www.vnunet.com/news/1162904" href="http://www.vnunet.com/news/1162904"><u><font color="#0000ff"><font face="Tahoma" size="2"><em>http://www.vnunet.com/news/1162904</em></font></u></font></a><br /><br /><font face="Tahoma" size="2"><em>Editor's Note (Schultz): </em></font><font face="Tahoma"><font size="2"><em><font color="#ff0000"><font color="#000000"><strong>The number of vulnerabilities in Firefox recently has been alarming. At first Firefox appeared to be an attractive alternative to Internet Explorer (IE) for security reasons, but IE is now looking better and better in comparison</strong>.</font> <br /><br /></font>(Shpantzer): There's so much hacking at the application layer, at some point we'll have to actually lock down configurations for all browsers, regardless of the security mythology that surrounds the project's code and architecture. If you have a supposedly 'secure' browser that's insecurely configured, well, it's not very secure.</em></font></font></p><font face="Tahoma" size="2"><img height="1" src="http://blogs.msdn.com/aggbug.aspx?PostID=416618" width="1" /></font><a target="_blank" title="http://blogs.msdn.com/michael_howard/archive/2005/05/11/416618.aspx" href="http://blogs.msdn.com/michael_howard/archive/2005/05/11/416618.aspx"><font face="Tahoma" size="2">Original Link<br /><br /></font></a> <div class="newsitemfooter"><font face="Tahoma" size="2">Today 02:45 | michael_HOWARD</font></div></td></tr></tbody></table></td></tr></tbody></table><br /><br />George J.</font></p>