Stop Microsoft
All Things Microsoft => Microsoft Software => Topic started by: lazygamer on 24 October 2002, 11:31
-
Ok I'll quote this time.
Internet Explorer insecure (http://www.theregus.com/content/55/26730.html)
quote:
Nine closely-related Internet Explorer flaws leave users open to a variety of powerful attacks, security researchers at Israeli firm GreyMagic Software warned yesterday.
The vulnerabilities revolve around object caching and a combination could enable an attacker to steal private local documents, steal cookies from any site, forge trusted web sites, steal clipboard information or even execute arbitrary programs, GreyMagic reveals .
The issue affects users running IE 5.5 and IE 6. Computers running IE 6 SP1 are vulnerable to a lesser extent, but are still at risk to two of the nine vulnerabilities. Users of AOL Browser, MSN Explorer are also affected. Only those using IE 5.0 SP2 have a
measure of protection from the exploits.
GreyMagic advises users to disable Active Scripting as a workaround pending the release of security fixes from Microsoft. It has published a demonstration showing how an attacker could read a victim's Google cookie using one of the cached objects vulnerabilities it has unearthed.
Microsoft is reportedly angry at GreyMagic's advisory. It says the warning could leave users at greater risk or, at minimum, cause needless concern. This argument is a continuation of Microsoft's row with security researchers over the full disclosure of security vulnerabilities.
GreyMagic published its advisory yesterday, but it reports on its site how it has refined its findings since first noticing a problem at the start of this month. Microsoft hasn't acted to date, and given its tardiness in responding to its concerns in the past, GreyMagic decided to go ahead regardless and alert the wider community of the problems it had unearthed.
All nine vulnerabilities are of the same general class (object caching). However, each of them is a separate vulnerability, which uses a unique method for exploitation, which GreyMagic documents here.
When communicating between windows, security checks ensure that both pages are in the same security zone and on the same domain. The vulnerabilities GreyMagic publicises arise because the security settings in IE wrongly assume that certain methods and objects are only going to be called through their respective window. These assumption enables some cached methods and objects to provide interoperability between otherwise separated documents, creating a mechanism for a variety of exploits.
-
I find it humourous that they notified MS of the flaws weeks ago and yet MS makes no patches available and doesnt notify its users they are in danger. Oh well, if any IE users are truly worried about this situation, here is my advice.
http://www.mozilla.org (http://www.mozilla.org)
-
When the hell are they going to get rid of Active Scripting altogether?? It's only purpose is to perpetuate viruses and exploits. Wait, oh yeah, viruses and exploits mean future upgrade sales and royalties from the AV vendors.
-
Speaking of browsers VS browsers...
Three sites I've experienced a fucked up phenomonon with Mozilla. When posting messages, there is a | character instead of a blank space. So it would read:
Sites are www.hero6.com (http://www.hero6.com) www.sflah.com (http://www.sflah.com) www.newcomer.hu (http://www.newcomer.hu)
Is it the webmaster's fault though? Doesn't cause problems in IE. Notice at hero6.com how the first page is garbled up?
These are the annoyances I talk about...
-
All three pages seemed to load just fine for me in Opera, other than a Java applet not loading on the third page.
-
quote:
Three sites I've experienced a fucked up phenomonon with Mozilla. When posting messages, there is a | character instead of a blank space.
I tried all three with Mozilla Build 2001092020 in Mandrake 8.1 and they all worked just fine.
_______________________________________
Live Free or Die: Linux
(http://www.otakupc.com/etsig/dolphin.gif)
If software can be free, why can't dolphins?
-
I have 1.2b. Oh alright, I'll try a beta.
-
Hmmm Hero6 site(the part where you select the interface for the mainpage) still loads incorrectly. How do I set up Mozilla to identify as IE? That might solve some problems. However, will some anti-IE sites be able to tell im actually Mozilla though? What about sites with special "Mozilla only" features?
-
You know Lazy-g, I get rendering errors in Mozilla all the time. That, the fact that it doesn't work with any of my Logitech Internet Navigator keyboard's hotkeys(like the browser back/forward, homepage, favorites, search, etc. buttons), my mouses' back/forward buttons(MS Intellimouse Optical) and it can't even display some pages is the reason why I will not ditch IE for Mozilla.
Open Source software is and always will be too buggy for my likings. Using open source software is like beta testing...only Open Source software never will reach gold status(no matter what the software is).
Proof that Lazy-g isn't lying about rendering errors on the above listed pages.
IE(works flawlessly)
http://www.ticz.com/homes/users/waltw/IEerrorless.jpg (http://www.ticz.com/homes/users/waltw/IEerrorless.jpg)
Mozilla (rendering errors)
http://www.ticz.com/homes/users/waltw/Mozillaerror.jpg (http://www.ticz.com/homes/users/waltw/Mozillaerror.jpg)
IE (works flawlessly)
http://www.ticz.com/homes/users/waltw/IEerrorless2.jpg (http://www.ticz.com/homes/users/waltw/IEerrorless2.jpg)
Mozilla (errors...misaligned text..the yellow letters)
http://www.ticz.com/homes/users/waltw/mozillaerror2.jpg (http://www.ticz.com/homes/users/waltw/mozillaerror2.jpg)
-
Could you post the links that you say render incorrectly? I have the site blocked at my proxy server that you are have your images on. Then I could determine why the sites you are having problems with are having problems.
[ October 25, 2002: Message edited by: void main ]
-
quote:
Originally posted by void main:
You you post the links that you say render incorrectly? I have the site blocked at my proxy server that you are have your images on. Then I could determine why the sites you are having problems with are having problems.
Heh, thats your problem. I'm not going to move the images to another server just for you to see them. ;)
-
quote:
Originally posted by Zombie9920:
Heh, thats your problem. I'm not going to move the images to another server just for you to see them. ;)
I didn't say move the images. I said, post the links to the pages that you used to make the captured images.
-
shitty. could it be the designers fault? i have never had any problems with mozilla (until i visited those sites of course). i would hate to see that it is mozilla, though i still doubt it is the browsers fault.
quote:
from sflah.com page source
function MM_reloadPage(init) { //reloads the window if Nav4 resized
if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
what does that mean?? bear with me, i am still learning html...
-
quote:
Originally posted by void main:
I didn't say move the images. I said, post the links to the pages that you used to make the captured images.
Lazy-g already posted the links. The 2 I went to for reference(in my images) were www.hero6.com (http://www.hero6.com) www.sflah.com (http://www.sflah.com) .
At hero6 Mozilla only renders half of each image box at the bottom of the page, at sflash Mozilla has text mis-alignment problems.
-
quote:
Originally posted by xyle_one:
shitty. could it be the designers fault? i have never had any problems with mozilla (until i visited those sites of course). i would hate to see that it is mozilla, though i still doubt it is the browsers fault.
what does that mean?? bear with me, i am still learning html...
What you have quoted is not HTML, it's JavaScript. And the section you quoted plainly shows it checks browser version and executes the code in different ways based on what browser you are using. In 99.9% of the cases if a site does not display correctly in a particular browser, it's because the webmaster did not code/test his site on said browser. It *is* a problem for you as a user, But it is entirely fault of the site developer and bad coding, not the fault of the browser.
-
sweet, then it is not mozillas fault.
-
quote:
Originally posted by Zombie9920:
Lazy-g already posted the links. The 2 I went to for reference(in my images) were www.hero6.com (http://www.hero6.com) www.sflah.com (http://www.sflah.com) .
At hero6 Mozilla only renders half of each image box at the bottom of the page, at sflash Mozilla has text mis-alignment problems.
This is not because IE renders "properly" and Mozilla does not. It's because the web developer of that site did not code/test his site properly. He already has JavaScript calls to check for browser type and executes different code based on the browser. He obviously didn't check the non-IE section over very well.
The course of action in this case is to send a "nice" email to the webmaster at this site and notify him/her that the images at the bottom of the page are not displaying properly in Mozilla, could he please fix it. Then the problem will be solved for people who come behind you, and you will have made a difference. It's likely an oversight on the web developers part.
-
quote:
Originally posted by void main:
What you have quoted is not HTML, it's JavaScript. And the section you quoted plainly shows it checks browser version and executes the code in different ways based on what browser you are using. In 99.9% of the cases if a site does not display correctly in a particular browser, it's because the webmaster did not code/test his site on said browser. It *is* a problem for you as a user, But it is entirely fault of the site developer and bad coding, not the fault of the browser.
True, alot of site incompatabilites with Mozilla are the fault of the website being designed with IE in mind(considering over 89% of the world uses IE according to alot of the browser most commonly used to access site tests). Why should a webmaster even be bothered with re-coding thier page for the minority browser users? That would be nothing more than a blatent waste of the webmasters' time.
The website incompatibilites still don't explain why alot of the internet shortcut enabled input devices don't work properly with Mozilla.
BTW, I just installed MS Intellipoint 4.1 software and guess what? My back and forward buttons finally work in Mozilla(the middle mouse button still doesn't work though). Isn't funny how MS are nice enough to fix problems with an open source browser(something that the Open Source programmers can't seem to do properly).
Now, if only the internet buttons on my Logitech keyboard, my MS keyboard and my logitech wireless mouse worked properly with Mozilla then I wouldn't be able to complain about my hardware not properly working with Mozilla.
I don't get why Mozilla's programming team won't get off of thier sorry asses and fix hardware issues with thier browser thierselves...I mean it isn't caused by faulty hardware. All of my internet shortcut enabled hardware works fine with IE, Opera, Netscape 6, Netscape 7, MSN Explorer Neoplanet and the extra buttons even work properly on my Cousins' crappy ass AOL(he has internet shorcut enabled input devices also).
Oh yeah, the internet input device functions work fine in the above listed browsers with the built in Windows XP drivers for all of the input devices I have tried. ONLY Mozilla has required me to install software to make the stuff work(currently, the only hardware that works with the newest software in Mozilla is the MS mouse..and like I already said, MS fixed Mozillas' problem..not the Mozilla team, MS isn't so bad after all, huh ;) ).
[ October 25, 2002: Message edited by: Zombie9920 ]
-
quote:
Originally posted by Zombie9920:
True, alot of site incompatabilites with Mozilla are the fault of the website being designed with IE in mind(considering over 89% of the world uses IE according to alot of the browser most commonly used to access site tests). Why should a webmaster even be bothered with re-coding thier page for the minority browser users? That would be nothing more than a blatent waste of the webmasters' time.
Let's see, 89% of the people in your town are under 6 foot tall. You built your store with a 6 foot door. You automatically lose 11% of your potential customers. That's more than the difference between your business making a profit and a loss.
quote:
The website incompatibilites still don't explain why alot of the internet shortcut enabled input devices don't work properly with Mozilla.
I have no idea what you are talking about here but again I will assume that you incorrectly believe that whatever IE does is the "correct" way and if it doesn't work that way in another browser it is "incorrect".
quote:
BTW, I just installed MS Intellipoint 4.1 software and guess what? My back and forward buttons finally work in Mozilla(the middle mouse button still doesn't work though). Isn't funny how MS are nice enough to fix problems with an open source browser(something that the Open Source programmers can't seem to do properly).
I can hardly believe that the Mozilla developers didn't fix the "Microsoft" drivers for the "Microsoft" mouse. Especially since they don't have the source code. How dare they! Get something without the MS label on it and maybe it will start working.
quote:
I don't get why Mozilla's programming team won't get off of thier sorry asses and fix hardware issues with thier browser thierselves...I mean it isn't caused by faulty hardware. All of my internet shortcut enabled hardware works fine with IE, Opera, Netscape 6, Netscape 7, MSN Explorer Neoplanet and the extra buttons even work properly on my Cousins' crappy ass AOL(he has internet shorcut enabled input devices also).
Programming hardware is not a function of the browser. It's a function of the operating system.
-
about the hero6.com site
i added one thing to make it work right in mozilla, i specified a width to the table, and it shows up correctly. so those of you with mozilla can see that it is not mozilla fault.
hero page new (http://www.sederquistavery.com/roy/heronew.htm)hero page old (http://www.sederquistavery.com/roy/heroold.htm)
i hope it isnt too fucked up to copy/paste the code into my editor to play with it.
[ October 25, 2002: Message edited by: xyle_one-point-two ]
-
Now, if lazy-g would send a very nice and short note to the webmaster of the site (I would if I used it but since I don't) stating he should add a width tag to his table so it will work properly in all browsers he might be very appreciative and fix it quickly.
-
quote:
BTW, I just installed MS Intellipoint 4.1 software and guess what? My back and forward buttons finally work in Mozilla(the middle mouse button still doesn't work though). Isn't funny how MS are nice enough to fix problems with an open source browser(something that the Open Source programmers can't seem to do properly).
You don't half post some utter shite here. I mean I can accept you're not very technical - there's nothing wrong in that - but you really shouldn't comment on things you don't understand.
This is the sort of bizarre reverse logic doublespeak you (and microsoft) use all the time. It's like saying that if a particular car model crashes and burns every time too many people sit in it, then when the manufacturer fixes the problem the car owners should be grateful to the "nice" car company for fixing a problem that was really the lazy customers' fault in the first place, and they should have been doing something about it themselves by losing weight.
And do you seriously think MS would intentionally make mozilla work any better?
-
Hi, I will notify the webmasters. Im sure they didn't make their sites like this intentionally, after all they do tend to be pretty reasonable people.
-
Ok this is too fucked up. SFLAH works perfectly for me, the forums are fine now and do not reproduce this wierd space replacement error.
Hero6 forums no longer have that space problem either. Could this have been solved simply by me suddenly deciding to use the latest nightly build, #2002102408?
Although that image thing still persists. I asked about it there.
More sillyness. Yahoo no longer puts ? chracters instead of spaces in searches. Although the ? chracters seemed to have no effect on the searches. Either there was trouble with 1.2b, or there was just some quirk that was solved by having Mozilla re-installed.(which happens when you install the latest build)
-
zombie, i have a mate who runs an online forum with nearly 100 members. it's a music site, so it's not populated with anti-microsoft people or anything.
interestingly his stats show roughly 79% of browser hits have been from IE.
maybe 89% of operating systems have been windows, but only 79% of browsers (roughly)have been IE, which as a representative sample makes a big difference.
where did you pull that 89% out from? hmm let me see... was it... YOUR ARSE? :D :D :D
[ October 25, 2002: Message edited by: Calum-21.2 ]
-
Why do people always pull so many facts outta there? It's uncomfortable to you, you may end up ripping it eventually, it's smelly, people are disgusted at the appearance/smell in addition to the content of the information, and ya gotta go and wash your hands throughly!
Now if people would just present proper facts it would be SO much easier for them. (http://tongue.gif)
-
quote:
Originally posted by Calum-21.2:
interestingly his stats show roughly 79% of browser hits have been from IE.
And how many of those were *really* IE and not another browser identifying itself as IE?
-
good point, opera defines itself as IE by default (i wonder if it does that even on linux?) but i certainly can't imagine a lot of IE users somehow setting IE to identify as for instance mozilla (which would even out the figures somewhat)...
-
quote:
Open Source software is and always will be too buggy for my likings. Using open source software is like beta testing...only Open Source software never will reach gold status(no matter what the software is).
Proof that Lazy-g isn't lying about rendering errors on the above listed pages.
IE(works flawlessly)
http://www.ticz.com/homes/users/waltw/IEerrorless.jpg (http://www.ticz.com/homes/users/waltw/IEerrorless.jpg)
Mozilla (rendering errors)
http://www.ticz.com/homes/users/waltw/Mozillaerror.jpg (http://www.ticz.com/homes/users/waltw/Mozillaerror.jpg)
IE (works flawlessly)
http://www.ticz.com/homes/users/waltw/IEerrorless2.jpg (http://www.ticz.com/homes/users/waltw/IEerrorless2.jpg)
Mozilla (errors...misaligned text..the yellow letters)
http://www.ticz.com/homes/users/waltw/mozillaerror2.jpg (http://www.ticz.com/homes/users/waltw/mozillaerror2.jpg)
Those sites still work just fine with Mozilla Build ID: 2001092020 in Mandrake 8.1. Look no different from the ones you posted as being from IE.
_______________________________________
Live Free or Die: Linux
(http://www.otakupc.com/etsig/dolphin.gif)
Their fundamental design flaws are completely concealed by their superficial design flaws.
-
quote:
Using open source software is like beta testing...only Open Source software never will reach gold status(no matter what the software is).
It's funny, I think he's implying that windows has reached "gold" status. I hardly think that a $200.00 OS that is so buggy and unpredictable deserves such a designation. :rolleyes:
-
perhaps in a few years it'll be up to 'aluminium foil status, as opposed to linux, which i think is up to 1 inch thick steel status.