On Fri, Jan 22, 2010 at 04:45:03PM +0100, Dan Kaminsky wrote: > So which browser exactly is the secure one?
w3m in text-only mode...on OpenBSD...on Sparc? ;-) More seriously, there is no secure one, any more than there's a "safe" car. Just some that are more so, or less so. I think Firefox + NoScript + AdBlock + TACO is a pretty good move in the direction of "more so". (Certainly not the only such possibly move, nor necessarily the optimal move, just one of many.) I think IE is a very large move in the direction of "less so", to the point where nobody should be making it: I'm not sure how it's possible to do any worse. Meanwhile, Microsoft has essentially unlimited personnel and financial resources. They could hire 500 top-notch staff tomorrow, pay them out of petty cash, and completely rewrite IE with security as the overarching design goal -- if they wanted to. They could have done so years ago -- if they wanted to. That they haven't speaks volumes about their disinterest in making it secure. Oh, they'll make nice noises and patch it and whatnot, but that's just more "We Take This Matter Very Seriously" corporate BS. Meanwhile, they're plowing enormous resources into what I'll loosely term The Placate Big Content Effort. ---Rsk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
