[Dailydave] Real Security

Dave Aitel dave at immunityinc.com
Sat Oct 20 12:34:19 EDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We released a reliable exploit for the new RealPlayer bug into CANVAS
Early Updates this morning which makes me wonder why NASA retracted
their request for all their contractors and employees to use Firefox
instead of IE, instead asking them to just uninstall RealPlayer.[1]  I
thought the original request made a lot of sense: If the employees
stop using IE, they don't have to worry about the next big ActiveX
vulnerability. And it's something you can easily block at the gateway
of your organization: just filter on UserAgent.

In any case, it was more ballsy than you'd expect from a big
government organization.

- -dave

[1] http://www.infosecblog.org/2007/10/nasa-bans-ie.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHGi4JB8JNm+PA+iURAlsgAJ90fAuWJS0GcKNHFTcXP5JpnDBdUQCfSDJk
x4BFwUoF1anZEy1H+x6Iz48=
=ww/j
-----END PGP SIGNATURE-----
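The "filter on UserAgent" idea from the message above, sketched as an added example that is not part of the original post: it classifies proxy log lines by User-Agent and goes slightly beyond the 2007 case by also matching the later `Trident/` token. The log lines are constructed, and the function names and the combined-log layout are assumptions.

```python
import re

# Constructed proxy log lines (combined log format), not real traffic.
SAMPLE_LOG = '''\
10.0.0.11 - - [20/Oct/2007:09:01:12 -0400] "GET http://example.com/ HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
10.0.0.12 - - [20/Oct/2007:09:01:13 -0400] "GET http://example.com/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.8) Gecko/20071008 Firefox/2.0.0.8"
10.0.0.13 - - [20/Oct/2007:09:01:14 -0400] "GET http://example.com/ HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.24"
10.0.0.14 - - [20/Oct/2007:09:01:15 -0400] "GET http://example.com/ HTTP/1.1" 200 5120 "-" "-"
10.0.0.15 - - [20/Oct/2007:09:01:16 -0400] "GET http://example.com/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
'''

# client, ident, user, [time], "request", status, bytes, "referer", "user-agent"
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# IE identifies itself with an "MSIE <version>" token; later releases use "Trident/".
IE_RE = re.compile(r'\bMSIE \d|\bTrident/\d')


def classify(ua):
    """Return 'block', 'allow' or 'unknown' for one User-Agent string."""
    if ua in ("", "-"):
        return "unknown"   # no header logged: needs its own policy decision
    if "Opera" in ua:
        return "allow"     # Opera of that era sent an MSIE token for compatibility
    return "block" if IE_RE.search(ua) else "allow"


def decisions(log_text):
    """Return (client, verdict) for every line; unparseable lines are kept visible."""
    out = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            out.append((None, "unparsed"))
        else:
            out.append((m.group("client"), classify(m.group("ua"))))
    return out


if __name__ == "__main__":
    for client, verdict in decisions(SAMPLE_LOG):
        print(client, verdict)
```

The User-Agent header is supplied by the client, so this enforces a browser policy for cooperating software and surfaces stragglers in the logs; it does not stop a client that rewrites the header.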


