New Netscape browser supports Internet Explorer

November 30, 2004


New Netscape browser supports Internet Explorer - Computerworld: "While current Firefox users can switch to IE when they have a problem with a Web site, AOL's Netscape unit found a different solution. If a Web site doesn't display well in the standard Firefox-based configuration in Netscape, it takes two clicks to display the page using the IE engine. The browser stores engine preferences for each Web site."

WOW!! It supports IE?!?! This is really some major improvements! In case you don't know me that well, the two previous statements are my form of sarcasm. This is nothing more than an extension that has been previously avaliable for Firefox users called IE View that I reported about in a blog posting on October 10, 2004: "FireFox Extensions worth installing". Always beware the market-hype machine!!

Windows SP2 security compromised


PC World | Windows SP2 security compromised: "The October exploit required a user to drag an image from one part of a Web page to another, and then to click a button. At the time, Microsoft said the bug required too much user interaction to be considered serious. The new version, discovered by the Greyhats Security Group, eliminates the step of clicking a button, the group said. Like the earlier exploit, the new attack could lead to the execution of HTML and script code in the context of a trusted site, Greyhats said."

Normally I would respond to a release like this as "too much interaction on the part of the user; show me a remote exploit blaster-style and I'll be worried". But then I started thinking about it. People really ARE that stupid and will do pretty much anything that some website or email will tell them. Tip: Do not underestimate the stupidity of your users. If you give them too much credit, it will come back to bite you in the ass.

Black Tuesday - Not so bad...

November 09, 2004


Microsoft Security Bulletin MS04-039: Vulnerability in ISA Server 2000 and Proxy Server 2.0 Could Allow Internet Content Spoofing (888258) - Important

Just glad this month wasn't as bad as the last.

SANS Institute - Security Policy Project

November 01, 2004


SANS Institute - Security Policy Project: "Welcome to the SANS Security Policy Resource page, a consensus research project of the SANS community. The ultimate goal of the project is to offer everything you need for rapid development and implementation of information security policies. You�ll find a great set of resources posted here already including policy templates for twenty-four important security requirements. "

GREAT RESOURCE. There are a ton of example policies to help you get on your way, all including a downloadable Word template.