"How do the latest versions of each browser compare? For this prizefight, we looked at Microsoft Internet Explorer 7, Microsoft's first new Internet browser since 2001 and Mozilla Firefox 2, Mozilla's update of its popular Firefox 1.5 browser released in November 2005." This will be the last Firefox 2 vs. IE7 article. I promise.
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:2006-06-01
Let's assume that a user is allowed to read CDs. ... blah blah blah.
I'm not sure what your point is since it is relatively easy compromise any PC that you have physical access to.
A real exploit allows you to compromise machines you don't have physical access to.
How about Debian. A user had a non-privledged account on a Debian server. He used a Linux exploit to compromise the server.
Now THAT pointed out how easy it is to compromise a Linux server locked down by the experts who made the distro!
Edited 2006-11-02 03:41
Member since:2005-11-11
//since it is relatively easy compromise any PC that you have physical access to//
Minor correction: any Windows PC that you have physical access to.
//How about Debian. A user had a non-privledged account on a Debian server. He used a Linux exploit to compromise the server.//
How about Debian?
Reference? I don't think you have this tale correct.
AFAIK, what happened was that a Debian developer had a user account on a Debian server with a relatively weak password. A hacker gained access to the user account via a "brute force" attack on the password. The system was therefore compromised in that an unauthorised person had gained a user level of access. AFAIK, that is as far as it got.
http://www.zdnet.com.au/news/security/soa/Debian_server_hacked/0,13...
http://www.zdnet.com.au/news/security/soa/Debian_Linux_sites_hacked...
For both events, the intrusion was detected. The machines taken off-line for about a day, and all software was re-installed as a precaution. AFAIK there was no evidence at all of any data compromise anywhere.
//Now THAT pointed out how easy it is to compromise a Linux server locked down by the experts who made the distro! //
Au contraire, what it showed was that if you can enter the correct username & password, you can log on to a Debian server machine.
PS:
http://www.zdnet.com.au/forums/0,139029293,139263270-120138031o,00....
OK, a little more info there. This says that once on the machine, the hacker did use a (now fixed) exploit to elevate priveledges, but got no further than that.
Edited 2006-11-02 04:13
Member since:
2005-11-11
Hmm. Just thinking to myself here. Forgive me for going a little off-topic.
As we have seen in this thread, unless all ability to read removeable media is suppressed, and all places to which a user can write are closed to the system from executing applications, then a determined user can break a Windows system fairly readily.
Here is how. Let's assume that a user is allowed to read CDs. OK, that user at home gets hold of Windows exploit code, puts that code on to a CD-R, then takes the CD-R to the target Windows machine. The determined user runs the exploit code from the CD-R on the target machine, and uses the exploit to elevate that users own priveledges. Once that is done, any further lockdown of that account can be removed, and all manner of aditional software can be run (and indeed installed) from the CD-R. The target Windows machine can become "owned" ... all it takes is a determined user, and a means to read something from elsewhere.
Edited 2006-11-02 03:18