
(DVLabs) Well that didn't take long -- critical security vulnerability found in Firefox 3.0 (dvlabs.tippingpoint.com)

4646 clicks; posted to Geek on 19 Jun 2008 at 3:29 AM



62 Comments

Archived thread
 
2008-06-18 11:46:30 PM
Seems to me that somebody knew about the bug in version 2, and decided to wait & not tell anyone until v3 came out, and they could test on that.

Or maybe they knew any bugs filed against v2 now would be laughed off with a "duh, upgrade" comment.
 
2008-06-18 11:55:15 PM
I think it's more likely that a brand new version got a bunch of people working on finding new exploits and just got a lot more attention overall. The fact that it existed prior to 3.0 was just an added bonus.

The thing I don't like about the whole new "let's be secretive about exploits" approach is that they won't tell us what to look out for to avoid it.

On the plus side, at work I'm doing all sorts of graphing from SNMP data, and the canvas support is so much faster; I've got execution times for ajax/canvas heavy pages coming in at 1/4 the time they used to take. Woot.
 
2008-06-18 11:58:38 PM
Snark all you want, but this is why I stick with IE Explorer. As most herd animals have found through trial and error, there is safety in numbers.
 
2008-06-19 12:22:31 AM
oldebayer: Snark all you want, but this is why I stick with IE Explorer. As most herd animals have found through trial and error, there is safety in numbers.

So rather than buy the car that has a tendency to get a flat tire, you'd prefer to buy the car that is known to burst into flames more often than a GI Joe under a magnifying glass?
 
2008-06-19 12:59:33 AM
i303.photobucket.com
 
2008-06-19 01:03:30 AM
oldebayer: Snark all you want, but this is why I stick with IE Explorer. As most herd animals have found through trial and error, there is safety in numbers.

In this instance, the opposite is probably true. The bad guys are far more likely to target the browser used by the masses, rather than the obscure one used by only a handful.


(not saying that Firefox is in the latter category)
 
2008-06-19 01:08:34 AM
beve: The bad guys are far more likely to target the browser used by the masses, rather than the obscure one used by only a handful.

(not saying that Firefox is in the latter category)


Once Firefox is no longer in the latter category (relatively speaking), I'll be looking for a new browser.

All browsers have security vulnerabilities. But what's the point (for the bad guys) in finding them (and exploiting them) for something so few people use?
 
2008-06-19 03:39:13 AM
Philbb: Once Firefox is no longer in the latter category (relatively speaking), I'll be looking for a new browser.

All browsers have security vulnerabilities. But what's the point (for the bad guys) in finding them (and exploiting them) for something so few people use?


Do what I do: use Opera, then drop the hard drives in an autoclave when you're done.

/not rly
//I just do my insecure browsing on a computer with zero purpose other than to be a periodically-sterilized cesspit.
 
2008-06-19 03:43:33 AM
Is this security hole stopped by NoScript?
 
2008-06-19 03:55:31 AM
oldebayer: ...but this is why I stick with IE Explorer.

So you use something that is known to be full of holes, instead of something that, while having a few holes, is on the whole much better?
 
2008-06-19 04:18:31 AM
oldebayer: Snark all you want, but this is why I stick with IE Explorer

How's that Internet Explorer Explorer working out working out for you for you?

/Back in 26 minutes
//Have to go to the Automatic ATM Teller Machine
///I hope I remember my personal PIN number
 
2008-06-19 04:29:13 AM
rackrent: oldebayer: Snark all you want, but this is why I stick with IE Explorer
/Back in 26 minutes
//Have to go to the Automatic ATM Teller Machine
///I hope I remember my personal PIN number


Hopefully you installed that NIC card.
 
2008-06-19 04:35:31 AM
oldebayer: Snark all you want, but this is why I stick with IE Explorer. As most herd animals have found through trial and error, there is safety in numbers.

Not to pick on you, but how's that 'herd animal' idea been workin' for you the last 7.5 years?

Yeah.

Change browsers.

9/11
 
2008-06-19 04:48:52 AM
From TFA site:

Anonymous
Why did you not find it in the Release Candidates

Zero Day Initiative commented on 2008-06-18 @ 18:52
@Anonymous
The vulnerability was submitted to us by a researcher that prefers to remain anonymous. Even though the issue affects older 2.0.x versions, as to why he didn't find the vulnerability earlier is something we don't presume to know.


Translation: We've known about the vulnerability for a while now but instead of having the well-being of end users in mind we didn't tell Mozilla about it so we could cash in on the notoriety and publicity of getting the name DVLabs out there for the Zero Day Initiative. In other words, we're grandstanding asshats.
 
2008-06-19 04:52:51 AM
user interaction is required such as clicking on a link in email or visiting a malicious web page

Move along, nothing to see here.
 
2008-06-19 06:17:52 AM
lordargent: user interaction is required such as clicking on a link in email or visiting a malicious web page

Move along, nothing to see here.



Wow. A web browser exploit that requires you to look at a web page?

Talk about using the software out-of-spec. Why would anyone be clicking on links or looking at web pages with a web browser? It's insane!
 
2008-06-19 06:39:35 AM
oldebayer: Snark all you want, but this is why I stick with IE Explorer. As most herd animals have found through trial and error, there is safety in numbers.

People who create malicious files want to target as many people as they can get, so who do they go after? The one with the highest numbers.
 
2008-06-19 07:37:16 AM
oldebayer: Snark all you want, but this is why I stick with IE Explorer. As most herd animals have found through trial and error, there is safety in numbers.

Your analogy really doesn't apply; what you're doing is pushing your way to be as close to the center of the nuclear blast as possible.
 
2008-06-19 07:37:32 AM
oldebayer: Snark all you want, but this is why I stick with IE Explorer. As most herd animals have found through trial and error, there is safety in numbers.

With that kind of logic, walk off a street corner with a large group of people into oncoming traffic yelling, "they can't hit us all."
 
2008-06-19 07:39:32 AM
Lynx FTW!
 
2008-06-19 08:38:08 AM
rackrent:
//Have to go to the Automatic ATM Teller Machine


Automatic arse to mouth teller machine. That is some kinky banking.
 
2008-06-19 08:38:39 AM
oldebayer: Snark all you want, but this is why I stick with IE Explorer. As most herd animals have found through trial and error, there is safety in numbers.

A friend of mine sticks with Internet Explorer Explorer as well. A few weeks ago he got a virus off some web page. My reply: That's what happens when you use IE!

I only use IE for work, and even then only for our internal sites since I know they're safe.
 
2008-06-19 08:54:46 AM
MBrady: oldebayer: Snark all you want, but this is why I stick with IE Explorer. As most herd animals have found through trial and error, there is safety in numbers.

With that kind of logic, walk off a street corner with a large group of people into oncoming traffic yelling, "they can't hit us all."


autoworld.files.wordpress.com
Sorry I just couldn't resist.
 
2008-06-19 09:01:26 AM
How can there be a security bug in open-source? This is why I'm still using IE3 running on Windows 95C -- there haven't been security updates for years! It's solid, baby!

// kidding, of course. :-p
 
2008-06-19 09:12:48 AM
There will be holes in anything; as long as they minimize their number and make it easier for me to know about the exploits, I'm happy, and for my (lack of) money FF is better than IE about it.

/Right now my biggest issue with FF is the "awesome bar" which is grossly un-awesome.
 
2008-06-19 09:13:24 AM
BobXXL:
Sorry I just couldn't resist.



Someone should really turn that into a motivational poster...
 
2008-06-19 09:13:45 AM
dalbuc: /Right now my biggest issue with FF is the "awesome bar" which is grossly un-awesome.

I disagree. It's fantastic- I can search my history and bookmarks by keyword! By user assigned keyword! How awesome is that? Very awesome.
 
2008-06-19 09:15:36 AM
oldebayer: As most herd animals have found through trial and error, there is safety in numbers.

Lemmings find this strategy useful, too.
 
2008-06-19 09:17:25 AM
t3knomanser: dalbuc: /Right now my biggest issue with FF is the "awesome bar" which is grossly un-awesome.

I disagree. It's fantastic- I can search my history and bookmarks by keyword! By user assigned keyword! How awesome is that? Very awesome.


Such awesomeness should be at the discretion of the user. I'd love to be able to switch it off. I buried certain links deep down the tree to hide them and don't need them appearing like magic when others are using the computer.
 
2008-06-19 09:17:37 AM
wpmulligan: Lemmings find this strategy useful, too.

The whole lemmings off a cliff thing is an urban legend. Just sayin'.
 
2008-06-19 09:19:05 AM
Ed Grubermann: Hopefully you installed that NIC card.

NIC = Network Interface Controller. There's no duplication here.
 
2008-06-19 09:22:31 AM
t3knomanser: The whole lemmings off a cliff thing is an urban legend. Just sayin'.

Lemmings-off-a-cliff as suicide is a myth. They will jump in order to swim across a body of water. More relevantly, they will get pushed off by the rest of the herd in a lemming-based reenactment of a Who concert.
 
2008-06-19 09:32:47 AM
wpmulligan: lemming-based reenactment of a Who concert.

I hear from the top of a cliff I can see for miles and miles and miles and miles and miles.
 
2008-06-19 09:51:02 AM
ThatGuyGreg
Seems to me that somebody knew about the bug in version 2, and decided to wait & not tell anyone until v3 came out, and they could test on that.

Or maybe they knew any bugs filed against v2 now would be laughed off with a "duh, upgrade" comment.


Maybe someone did know about it, but the rest of your comments don't fly. FF 3.0 was in beta for quite a while, with at least 3 release candidates which users were strongly encouraged to put through the wringer.
 
2008-06-19 10:07:43 AM
t3knomanser: wpmulligan: lemming-based reenactment of a Who concert.

I hear from the top of a cliff I can see for miles and miles and miles and miles and miles.


Boris the Lemming?

/I know..FAIL
 
2008-06-19 10:11:27 AM
FF 3 was packaged with Ubuntu; it seems better than the descriptions I'm hearing about FF on other systems.
So, IE is for Windows, FF is for Linux and Mac.
The rest of the browsers will need lots of work.

There should be a bounty offered for virus writers/propagators.

Teen nerd runs out of beer money or spends too much on hookers & we get some virus vectors off the street.

I suspect the viruses are allowed by major vendors.
It accounts for 3/4 of programming efforts and takes 3/4 of consumers' money spent on programs.

An OS should reinstall itself without warning or recourse if it starts spreading viruses.
People get viruses because they let down their guard on purpose to view deeper content. It would rock if that behaviour triggered an unstoppable reinstall cycle or blanked the BIOS and HDD controller.

Better yet, a built-in hardware chip kill switch.
Go onto too much p0rn or build bad code on the box and all the little ROMs & big processors & such self-kill.

[That's on my wish list]
 
2008-06-19 10:18:48 AM
JSTACAT: FF 3 was packaged with Ubuntu; it seems better than the descriptions I'm hearing about FF on other systems.
So, IE is for Windows, FF is for Linux and Mac.
The rest of the browsers will need lots of work.

There should be a bounty offered for virus writers/propagators.

Teen nerd runs out of beer money or spends too much on hookers & we get some virus vectors off the street.

I suspect the viruses are allowed by major vendors.
It accounts for 3/4 of programming efforts and takes 3/4 of consumers' money spent on programs.

An OS should reinstall itself without warning or recourse if it starts spreading viruses.
People get viruses because they let down their guard on purpose to view deeper content. It would rock if that behaviour triggered an unstoppable reinstall cycle or blanked the BIOS and HDD controller.

Better yet, a built-in hardware chip kill switch.
Go onto too much p0rn or build bad code on the box and all the little ROMs & big processors & such self-kill.

[That's on my wish list]



I can't tell if you're some kind of pseudo-arrogant asshat or a moron... which is it?
 
2008-06-19 10:20:41 AM
dalbuc: /Right now my biggest issue with FF is the "awesome bar" which is grossly un-awesome.

1) Install the 'oldbar' extension.
2) Edit about:config and set browser.urlbar.matchBehavior = 2
3) Edit about:config and set browser.urlbar.matchOnlyTyped = true

Lamune_Baba: Talk about using the software out-of-spec. Why would anyone be clicking on links or looking at web pages with a web browser? It's insane!

Viruses/malware that require user intervention to operate are not a major problem for users in the know.

Only tech neophytes get viruses that way. Ohh look at this, an e-mail from someone I don't know, I think I'll just follow this link.

/I bet it's a javascript exploit. In which case, you'd have to be rolling around with noscript turned off.
 
2008-06-19 10:40:59 AM
Does this exploit occur on all operating systems?
Or is it yet another windows only vulnerability?
 
2008-06-19 10:46:01 AM
This is why I don't d/l the latest and greatest the second it comes out. I wait for everyone else to either crash and burn or praise it. THEN I d/l :)
 
2008-06-19 10:46:46 AM
wpmulligan: Such awesomeness should be at the discretion of the user. I'd love to be able to switch it off. I buried certain links deep down the tree to hide them and don't need them appearing like magic when others are using the computer.

Create a separate profile for such discreet surfing.
 
Zem
2008-06-19 11:11:54 AM
wpmulligan: I buried certain links deep down the tree to hide them and don't need them appearing like magic when others are using the computer.

You might want to...

cfreak: Create a separate profile for such discreet surfing.

Yeah, this. Surfing porn on a public account is akin to wanking in a public bathroom. You will get caught one day. At the very least a quick and dirty way to keep subtle is quietly install a different browser for such things. Opera's quite good for filth...

I've said too much. ;)
 
2008-06-19 11:23:27 AM
dalbuc: /Right now my biggest issue with FF is the "awesome bar" which is grossly un-awesome.

The awesome bar bothered me at first.

I got over it.
 
2008-06-19 11:33:24 AM
MBrady: oldebayer: Snark all you want, but this is why I stick with IE Explorer. As most herd animals have found through trial and error, there is safety in numbers.

With that kind of logic, walk off a street corner with a large group of people into oncoming traffic yelling, "they can't hit us all."


Poor example, as the elderly have taught on many occasions, you just can't hit everyone at the Farmer's Market.
 
2008-06-19 11:41:11 AM
DeathByGeekSquad: Poor example, as the elderly have taught on many occasions, you just can't hit everyone at the Farmer's Market.

IS THIS COSTELLO AVENUE?!?

/*BKITU drives up a staircase*
 
2008-06-19 11:42:36 AM
Telos: I only use IE for work, and even then only for our internal sites since I know they're safe.


Only reason I use it, too.

I want to ask our internal developers why, when ALL of our company servers (minus Exchange and AD) run some form of open source OS, do none of the web applications operate properly with Firefox. But for some reason they all work just fine with IE.

/still on Firefox 2.0.0.14
//won't upgrade for a few more weeks
 
2008-06-19 12:38:43 PM
It's a browser, you morans... who cares...
That said, I'd be more prone to develop exploits for the OPEN SOURCE browser that has its SOURCE READILY AVAILABLE FOR MANIPULATION than the one that has its source code carefully guarded by its mother corporation.
 
2008-06-19 12:49:10 PM
doctorwormwood: It's a browser, you morans... who cares...
That said, I'd be more prone to develop exploits for the OPEN SOURCE browser that has its SOURCE READILY AVAILABLE FOR MANIPULATION than the one that has its source code carefully guarded by its mother corporation.


That must be why OpenBSD is riddled with exploits.
 
2008-06-19 12:49:21 PM
WhyteRaven74: oldebayer: ...but this is why I stick with IE Explorer.

So you use something that is known to be full of holes, instead of something that, while having a few holes, is on the whole much better?


Hole.
 
2008-06-19 12:57:54 PM
Philbb: Once Firefox is no longer in the latter category (relatively speaking), I'll be looking for a new browser.

All browsers have security vulnerabilities. But what's the point (for the bad guys) in finding them (and exploiting them) for something so few people use?


That's not the relevant issue. The relevant issue is the ranges of time from when the hole is publicly available to when the first exploit is found in the wild to when the patch for the hole is pushed out through the update system.

There have been some OMGWTFBBQ holes in Firefox, but they're usually patched within days of being found and usually before ANY exploits are found in the wild. That will probably be the case here.
 
Displayed 50 of 62 comments

This thread is closed to new comments.