Solve : Test drive Internet Explorer 9?

1.	Solve : Test drive Internet Explorer 9?
Answer» What about those IE based browsers? Although they're based on IE, I think they got some plus over M$'s original browser.................... Quote from: 2x3i5x on April 15, 2010, 10:23:19 PM What about those IE based browsers? Although they're based on IE, I think they got some plus over M$'s original browser.................... Except the browsing is done by Internet Explorer, not by the application. They don't just with Internet Explorer. All of the vulnerabilities that are found in things like ActiveX, or Flash, or any of those, in Internet Explorer will still be present in the applications that use IE. I might also point out that it's hardly difficult to create a browser like that. a few drags and drops and a line or two of code would make a functional, if spartan, browser. Quote from: BC_Programmer on April 15, 2010, 10:36:51 PM All of the vulnerabilities that are found in things like ActiveX, or Flash, or any of those, in Internet Explorer will still be present in the applications that use IE. This is why you must always update Windows even if you don't use IE. Quote from: evilfantasy on April 16, 2010, 08:06:44 AM This is why you must always update Windows even if you don't use IE. Most people with windows have IE permanently installed on their computer. Even if you don't use IE, SOMEONE can still hack your computer USING IE so you must update. Patiently waiting for a Linux fan to pop in with Linux FTW!!! Quote from: evilfantasy on April 16, 2010, 11:35:06 AM Patiently waiting for a Linux fan to pop in with Linux FTW!!! And Linux doesn't have any problems with people hacking the system through a browser like this. And Linux doesn't force you to have IE installed. Did it just for you, evilfantasy where happened to MacOSX FTW?? Quote from: Cityscape on April 16, 2010, 11:43:20 AM And Linux doesn't have any problems with people hacking the system through a browser like this. And Linux doesn't force you to have IE installed. Did it just for you, evilfantasy Linux/Unix does have problems with buffer overflows in C applications being easily exploited... ESPECIALLY printf() calls with a single argument. Also, I think we're getting a little off-center in our view; exploits in Internet Explorer are no more dangerous then exploits in Firefox. Internet Explorer is integrated into the OS but it doesn't give any extra privileges over hacking any other browser- the goal is to simply get a program running on the remote machine, and then they can use any number of elevation techniques 9buffer overflows, for example) to elevate to admin/SYSTEM on windows and root on a Linux system. Once they do that they can scoff etc/pwd and the NTLM hashes and attempt to crack them LOCALLY. I don't know if Linux does something similar but windows has a password cache that stores the login names and hashes of recent logons, regardless of the domain. a Lucky hacker might be able to compromise a machine that has the admin password for a domain controller in that cache. For Linux/Unix a common source of problems for quite a long time (at least for servers) was the sendmail daemon. the basic concept ath the time was simple- send more data then it can handle, (usually in the form of Nop instructions) and then insert a bit of assembly that executes bin/sh. at that point, sendmails buffer overflows, and overwrites the return ADDRESS and it jumps to the asm instructions and executes bin/sh- and the machine is rooted. Similar vulnerabilities exist for almost every program that runs as root; thankfully most of these services are hardened against these attacks but as long as they are being exposed to the rain they will weather, and more holes will be discovered.No. BC is right. Unless you use a browser that prompts for everything and you set it up to be secure, you can still get rooted on Linux; and, there are things far worse than a virus with a rootkit being up there. I've done my share of HTML hacking and have made the browser execute commands- IE- or just overload the system with data- firefox. If it is a java hack, you're screwed. Quote from: 2x3i5x on April 16, 2010, 01:06:21 PM where happened to MacOSX FTW?? Famous Hacker Calls Windows More Secure than Mac - April 15, 2010

Answer»

What about those IE based browsers? Although they're based on IE, I think they got some plus over M$'s original browser.................... Quote from: 2x3i5x on April 15, 2010, 10:23:19 PM

What about those IE based browsers? Although they're based on IE, I think they got some plus over M$'s original browser....................

Except the browsing is done by Internet Explorer, not by the application.

They don't just with Internet Explorer. All of the vulnerabilities that are found in things like ActiveX, or Flash, or any of those, in Internet Explorer will still be present in the applications that use IE.

I might also point out that it's hardly difficult to create a browser like that. a few drags and drops and a line or two of code would make a functional, if spartan, browser. Quote from: BC_Programmer on April 15, 2010, 10:36:51 PM

All of the vulnerabilities that are found in things like ActiveX, or Flash, or any of those, in Internet Explorer will still be present in the applications that use IE.

This is why you must always update Windows even if you don't use IE. Quote from: evilfantasy on April 16, 2010, 08:06:44 AM

This is why you must always update Windows even if you don't use IE.

Most people with windows have IE permanently installed on their computer. Even if you don't use IE, SOMEONE can still hack your computer USING IE so you must update. *Patiently waiting for a Linux fan to pop in with Linux FTW!!! Quote from: evilfantasy on April 16, 2010, 11:35:06 AM

*Patiently waiting for a Linux fan to pop in with Linux FTW!!!

And Linux doesn't have any problems with people hacking the system through a browser like this. And Linux doesn't force you to have IE installed.

Did it just for you, evilfantasy where happened to MacOSX FTW?? Quote from: Cityscape on April 16, 2010, 11:43:20 AM

And Linux doesn't have any problems with people hacking the system through a browser like this. And Linux doesn't force you to have IE installed.

Did it just for you, evilfantasy

Linux/Unix does have problems with buffer overflows in C applications being easily exploited... ESPECIALLY printf() calls with a single argument.

Also, I think we're getting a little off-center in our view; exploits in Internet Explorer are no more dangerous then exploits in Firefox. Internet Explorer is integrated into the OS but it doesn't give any extra privileges over hacking any other browser- the goal is to simply get a program running on the remote machine, and then they can use any number of elevation techniques 9buffer overflows, for example) to elevate to admin/SYSTEM on windows and root on a Linux system. Once they do that they can scoff etc/pwd and the NTLM hashes and attempt to crack them LOCALLY. I don't know if Linux does something similar but windows has a password cache that stores the login names and hashes of recent logons, regardless of the domain. a Lucky hacker might be able to compromise a machine that has the admin password for a domain controller in that cache.

For Linux/Unix a common source of problems for quite a long time (at least for servers) was the sendmail daemon. the basic concept ath the time was simple- send more data then it can handle, (usually in the form of Nop instructions) and then insert a bit of assembly that executes bin/sh. at that point, sendmails buffer overflows, and overwrites the return ADDRESS and it jumps to the asm instructions and executes bin/sh- and the machine is rooted. Similar vulnerabilities exist for almost every program that runs as root; thankfully most of these services are hardened against these attacks but as long as they are being exposed to the rain they will weather, and more holes will be discovered.No. BC is right. Unless you use a browser that prompts for everything and you set it up to be secure, you can still get rooted on Linux; and, there are things far worse than a virus with a rootkit being up there.
I've done my share of HTML hacking and have made the browser execute commands- IE- or just overload the system with data- firefox.
If it is a java hack, you're screwed. Quote from: 2x3i5x on April 16, 2010, 01:06:21 PM

Solve : Test drive Internet Explorer 9?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment