Tweaking IE to prevent further attacks (for now)

Stoic Joker:
First, JavaScript != Java - big difference :) (I'm sure you already know that, and are just being a bit imprecise in your post). AFAIK a whole bunch of exploits have been targeting vulnerable old Java JVM versions (old versions aren't removed when you upgrade to latest, and java applets can specify specific versions to bind against >_<), while this exploit is JavaScript.-f0dder (January 16, 2010, 02:12 PM)
--- End quote ---
Right, but Java & JavaScript both = Sun ... Which is who pisses me off. Frankly I'm rather horrified that they purchased MySQL, as I'm afraid they'll screw that up too.

Yeah, ActiveX is mentioned as well; dunno if scripting in IE is implemented with ActiveX, if the exploit is mixed JavaScript/ActiveX, or if the exploit is only in JS but uses some ActiveX objects to do further work... too bad the details are so vague.
--- End quote ---
My money is on the last one, but that's admittedly due to a general mistrust/dislike of Sun. Details damnit ... we need details.

DEP is nice, yes, but there's still a few apps here and there that have issues with it - I had to turn off systemwide DEP after a while :(. Guess it made sense not to have it on by default in IE7, were probably too many browser plugins that were crappily written? It does seem to be 0% overhead though, which is a nice thing; and while it's not complete waterproof solution, it does indeed limit the attack vectors shellcode have.
--- End quote ---
IESpell gave me issues with IE7 & DEP, but fortunately the combo works perfectly in IE8 so I'm a happy guy. I try to avoid dependency on plugins as I spend too much time on other people's computers... (site work) ...Ya gotta know how to work with what's there. But I'm a big fan of the 80/20 rule and DEP fits that to a T.

Krishean:
sir you are entirely incorrect.

java is made by sun microsystems
javascript has nothing to do with sun microsystems (read the wikipedia article, you will be educated)

sun buying mysql is not what you have to worry about, what you have to worry about is oracle buying sun

edit: (and therefore oracle buying mysql)
edit2: from my experience exploits do like to use a combination of javascript/activex to do the dirty work, disable one and the other part of the exploit doesn't work right

Stoic Joker:
sir you are entirely incorrect.-Krishean (January 16, 2010, 04:02 PM)
--- End quote ---
Yes, you mentioned that earlier ... Thanks for overstressing the point.

java is made by sun microsystems
javascript has nothing to do with sun microsystems (read the wikipedia article, you will be educated)
--- End quote ---
Then perhaps they should have been more careful when picking a name, or maybe (just maybe) I like lumping them together because they tend to go hand in hand as a gleefully exploitable nuisance. Either way you should watch your tone if you wish your input to be accepted well.

sun buying mysql is not what you have to worry about, what you have to worry about is oracle buying sun
--- End quote ---
Wasn't aware of that, but I usually have better things to do with my time than keep track of who bought who this week. Oracle hasn't managed to annoy the crap outa me as of yet ... So I see no reason (thus far) to fear their influence. Sun on the other hand, is on my "list".

f0dder:
JavaScript was initially developed by Netscape, and was named LiveScript then. But because everybody was hype-OD'ing on Java, some schmuck decided it should be renamed, although JavaScript has very little resemblance to Java. The language has later been standardized as ECMAScript, and Microsoft's dialect is called JScript. Iirc flash's ActionScript is also based on ECMAScript.

JavaScript is actually kinda cool, even when seen outside browsers - you can do some pretty funky stuff with it :)

Stoic Joker:
JavaScript was initially developed by Netscape, and was named LiveScript then. But because everybody was hype-OD'ing on Java, some schmuck decided it should be renamed, although JavaScript has very little resemblance to Java. The language has later been standardized as ECMAScript, and Microsoft's dialect is called JScript. Iirc flash's ActionScript is also based on ECMAScript.-f0dder (January 16, 2010, 05:41 PM)
--- End quote ---
Now that's the kind of honest answer I can appreciate. :) (but seriously) I've never really had a compelling reason to investigate distinctions between them. And considering (if it walks like a duck...) they both tend to annoy me, they both get stuck on the same shelf.

Most of the Java based programs I've run into have been crude looking, slow, and generally flakey. This includes high dollar vertical market applications that really should have a more polished behavior for the money they cost (not to mention none of these people seem to have the slightest clue how to do version checking properly). The only reason (I can think of) to create a full blown application out of Java would be if one was trying to (Fire-Drill) rush something cross platform to market. I have in the past tried coding in Java, but quickly found C++ to be (much less aggravating) more durable in the long run.

JavaScript is actually kinda cool, even when seen outside browsers - you can do some pretty funky stuff with it :)
--- End quote ---
I have used JavaScript for some things on web pages like input validation or data pumping information between frames in a form, but only as a last resort. (being that you said "fun" I'll skip the why, but...) How the hell would you use it outside a browser?
