I don't know about you Rafel, but I know people in your company think XP
SP2 is full of holes also. =)
"Ten new security holes in Windows XP Service Pack 2 have been
discovered, so get ready to insert new patches into your patch
management schedule. Microsoft recently announced their Security
Bulletin Advance Notification Program, which gives administrators a
several days advance notice of upcoming patches, however these new
security holes were announced by security product maker Finjan
Software."
http://www.winnetmag.com/Windows/Article/ArticleID/44502/Windows_44502.h
tml
Great ten more patches they won't released for Windows XP Gold or
Windows
2000....
I think the founder of Finjan is speaking my language as well...
Shlomo Touboul, CEO and Founder of Finjan Software, said "Windows XP SP2
operating system is a continuation of the same Windows XP Operating
System and Windows Kernel. All Windows versions have been developed with
requirements for highest backward compatibility and open architecture,
with maximum productivity and ease of use. In addition, Windows
applications typically run with administrative permission with full and
unlimited access to computer resources."
Sound familiar?
-Todd
> Rafel Ivgi, The-Insider
> Security Consultant
>
Malicious Code Research Center (MCRC)
>
Finjan Software LTD
> E-mail: rivgi
Finjan.com
> ---------------------------------
> Prevention is the best cure!
> ----- Original Message -----
> From: <Colin.Scottcsplc.com>
> To:
<full-disclosurelists.netsys.com>
>
Sent: Friday, November 12, 2004 12:46 PM
>
Subject: Re: [Full-Disclosure] IE is just as safe as FireFox
>
>
> Oh yeah, I've got 14,000 Windows 2000 machines to update to
> windows XP SP2,
> hang on wheres that CD?
>
> So thanks for your
infinate wisdom there Rafel.
>
> Colin.
>
>
>
>
>
>
>
>
>
>
> "Rafel Ivgi,
>
The-Insider"
> <theinsider012.n To
> et.il> <full-disclosurelists.netsys.com>
> Sent by: cc
> full-disclosure-a
> dminlists.netsys Subject
>
.com Re: [Full-Disclosure] IE is just as
>
safe as FireFox
> 12/11/2004 06:44
>
>
>
> That
is incorrect, there is a fix --> SP2.
>
Users should use the latest updated system, meaning if there
> is an SP2,
> they
> should install it.
>
>
> Rafel Ivgi, The-Insider
> Security Consultant
>
Malicious Code Research Center (MCRC)
>
Finjan Software LTD
> E-mail: rivgiFinjan.com
> ---------------------------------
> Prevention is the best cure!
> ----- Original Message -----
> From: "Martin Mkrtchian" <dotsecuregmail.com>
> To: "Todd Towles"
<toddtowlesbrookshires.com>
> Cc: "Mailing
List - Full-Disclosure"
>
<full-disclosurelists.netsys.com>;
> <ring-of-fireyahoogroups.com>
> Sent: Friday,
November 12, 2004 3:03 AM
> Subject: Re:
[Full-Disclosure] IE is just as safe as FireFox
>
>
> > They should've at least released that statement after
they
> fixed the
> > IE FRAME vulnerability. 0 day exploit is in the wild
and no fix for
> > it, yet they claim its
secure enough.
> >
> > If the programmers are as smart as the company press
> releasers, I can
> > see why I.E. still sux.
> >
> >
> > Martin
> >
> >
> > On Thu, 11 Nov 2004 15:59:20 -0600,
Todd Towles
> > <toddtowlesbrookshires.com> wrote:
>
>> Microsoft's security and mangement product manager (Ben English)
> says...
> >>
> >> At
a security roundtable discussion in Sydney on
> Thursday, Ben English,
> >> Microsoft's security and management product
manager, told
> attendees
> that
> >> IE
undergoes "rigorous code reviews" and is no less
> secure than any
>
>> other browser.
> >>
> >> "Because IE is ubiquitous, you
hear a lot more about it,
> but I don't
> >> think that Internet Explorer is
any less secure than any
> other browser
> >> out there," English said.
> >>
> >>
>
http://news.com.com/Microsoft+says+Firefox+not+a+threat+to+IE/
> 2100-1032_
> >>
3-5448719.html?part=dht&tag=ntop&tag=nl.e433
> >>
> >> Can
anyone say IFRAME? Lol
> >>
> >> -Todd
> >>
> >>
_______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter:
http://lists.netsys.com/full-disclosure-charter.html
> >>
> >
> >
_______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter:
http://lists.netsys.com/full-disclosure-charter.html
>
>
>
>
>
>
>
**************************************************************
> ************************
>
> This e-mail is
confidential and may contain privileged
>
information. If you
> are not the addressee
or if you have received the e-mail in
>
error, it may
> be unlawful for you to read,
copy, distribute, disclose or
> otherwise
use the
> information which it contains.
Under these circumstances,
> please notify
> us immediately by returning this mail to
> 'mailerrorcsplc.com'
and deleting
> this e-mail from your system.
>
> Any
views expressed by an individual within this e-mail do
> not necessarily
>
reflect the views of Cadbury Schweppes Plc or its
> subsidiaries. Cadbury
>
Schweppes Plc will not be bound by any agreement entered into
> as a result
> of this
email, unless its intention is clearly evidenced in
> the body of the
>
email.
> Whilst we have taken reasonable
steps to ensure that this e-mail and
>
attachments are free from viruses, recipients are advised to
> subject this
> mail
> to their own virus checking, in keeping
with good computing
> practice. Please
> note that email received by Cadbury
Schweppes Plc or its
> subsidiaries may be
> monitored in accordance with the
prevailing law in the United Kingdom.
>
>
**************************************************************
> ************************
>
>
_______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
http://lists.netsys.com/full-disclosure-charter.html
>
>
_______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We
believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
