#11
Opera for windows 98
replies inline....
"98 Guy" wrote in message ...

snip

Opera 9 has the following unpatched vulnerabilities:

http://secunia.com/advisories/36414/

Details:

http://www.opera.com/support/kb/view/929/ (trivial)
http://www.opera.com/support/kb/view/930/ (trivial)
http://www.opera.com/support/kb/view/932/ (trivial)
http://www.opera.com/support/kb/view/934/ (I say trivial)

I wouldn't call either http://www.opera.com/support/kb/view/929/ or http://www.opera.com/support/kb/view/934/ exactly trivial, though they aren't critical.

For e-mail and usenet news reading, I use Netscape Communicator 4.79. For web browsing, I use firefox 2.0.0.20. No known vulnerabilities to either of those that have been shown to be in circulation or effective when used in conjunction with Windows 98.

Just as an aside, because obviously users of Win98 will eventually have few or no options left but to use End Of Life softwa

The fact that vulnerabilities are not reported for Firefox 2.0.0.20 does not indicate that they don't exist, only that the product is considered End Of Life and is no longer checked for vulnerabilities, AFAIK. Do you have any links to show that v.2.0.0.20 is even being tested for any recent vulnerabilities? Mozilla does not appear to check the old versions any longer and I see no evidence that any other groups do, including Secunia.

Opera 9.64 is AFAIR only very recently EOL, or else not EOL till sometime in October....I don't have time right now to look it up.

Similarly, Communicator 4.79 has been EOL for quite some time, and no one is checking it for vulnerabilities, so the fact they are not being reported does not mean they don't exist.

--
Glen Ventura, MS MVP Windows, A+
http://dts-l.net/
#12
Opera for windows 98
glee wrote:
replies inline....

"98 Guy" wrote in message ...

snip

Opera 9 has the following unpatched vulnerabilities:

http://secunia.com/advisories/36414/

Details:

http://www.opera.com/support/kb/view/929/ (trivial)
http://www.opera.com/support/kb/view/930/ (trivial)
http://www.opera.com/support/kb/view/932/ (trivial)
http://www.opera.com/support/kb/view/934/ (I say trivial)

I wouldn't call either http://www.opera.com/support/kb/view/929/ or http://www.opera.com/support/kb/view/934/ exactly trivial, though they aren't critical.

For e-mail and usenet news reading, I use Netscape Communicator 4.79. For web browsing, I use firefox 2.0.0.20. No known vulnerabilities to either of those that have been shown to be in circulation or effective when used in conjunction with Windows 98.

Just as an aside, because obviously users of Win98 will eventually have few or no options left but to use End Of Life softwa

The fact that vulnerabilities are not reported for Firefox 2.0.0.20 does not indicate that they don't exist, only that the product is considered End Of Life and is no longer checked for vulnerabilities, AFAIK. Do you have any links to show that v.2.0.0.20 is even being tested for any recent vulnerabilities? Mozilla does not appear to check the old versions any longer and I see no evidence that any other groups do, including Secunia.

Opera 9.64 is AFAIR only very recently EOL, or else not EOL till sometime in October....I don't have time right now to look it up.

Additionally: FF in other OSs such as Linux received additional updates to address a few of the known vulnerabilities [such as the browser killer found directly after the official .20 final release for 9X] using source, however, even there FF has proceeded into the 3.+ versions [also receiving further updates to address numerous vulnerabilities].

Reference: This list ENDS with FF 2.0.0.20 release, *however*, it directs to FF 3. for vulnerabilities fixed, that *WERE* part of the FF 2.0.0.20 version:

http://www.mozilla.org/security/know...firefox20.html
http://www.mozilla.org/security/know...firefox30.html

Similarly, Communicator 4.79 has been EOL for quite some time, and no one is checking it for vulnerabilities, so the fact they are not being reported does not mean they don't exist.

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
#14
Opera for windows 98
glee wrote:
I wouldn't call either http://www.opera.com/support/kb/view/929/ or http://www.opera.com/support/kb/view/934/ exactly trivial, though they aren't critical.

-----------------

929: Sites using revoked intermediate certificates might be shown as secure

Opera does not check the revocation status for intermediate certificates not served by the server. If the intermediate is revoked, this might not impact the security rating in Opera, and the site might be shown as secure.

934: Opera accepts nulls and invalid wildcards in certificates

Certificate authorities are expected to vet all certificate registrations, but may fail to prevent fraudulent or erroneous registrations. Certificates which use a wild card immediately before the top level domain, or nulls in the domain name, may pass validation checks in Opera. Sites using such certificates may then incorrectly be presented as secure.

------------------

Note that the above 2 issues were part of a group of 4 that were announced about 3 weeks ago, and it does affect all versions of Opera 10.00.20090830. Those problems allow for "man-in-the-middle" spoofing attempts, which themselves depend on a cascade of pre-existing vulnerabilities and circumstances to be in place in order to successfully gain control of an arbitrary system, which become much less possible if the system in question is running Windows 98.

Opera version 9.64 is the last of the 9.xx versions. Version 9.62 had this problem:

Opera 9.62 file:// Local Heap Overflow Exploit
http://www.vupen.com/english/advisories/2008/3183

Which was corrected in 9.63 or 9.64. Then there is this:

Opera 9.64 (7400 nested elements) XML Parsing Remote Crash Exploit

Which affects version 9.64, but all it appears to do is to crash Opera, not gain control of the system running it.

The fact that vulnerabilities are not reported for Firefox 2.0.0.20 does not indicate that they don't exist, only that the product is considered End Of Life and is no longer checked for vulnerabilities, AFAIK. Do you have any links to show that v.2.0.0.20 is even being tested for any recent vulnerabilities?

If you're aware of ANY browser vulnerabilities that allow attackers to gain control of remote systems which are NOT ultimately heap overflows (resulting in the execution of arbitrary code), then please describe them. It's my impression that all such browser vulnerabilities boil down to heap overflows (even if they are java or script facilitated), and there is no heap-overflow code that has ever been shown to work on both win-9x and NT-based systems simultaneously. The point being that code must be developed specifically for win-9x and be in a position to be deployed in those cases where 9x systems are encountered - an increasingly unlikely situation.

Mozilla does not appear to check the old versions any longer and I see no evidence that any other groups do, including Secunia.

Most vendors will simply issue a blanket statement along the lines that a given vulnerability is present in the current - AND ALL PREVIOUS VERSIONS without really testing all previous versions. That's particularly true with Adobe Acrobat version 6.x family.

Opera 9.64 is AFAIR only very recently EOL, or else not EOL till sometime in October....I don't have time right now to look it up.

There is some indication that there is a 9.65 version circa August 2009 (google for Opera 9.65 and you'll get some hits). Specifically:

http://wakoopa.com/download/opera/9.65

Which might have been a beta version of Opera 10.

Similarly, Communicator 4.79 has been EOL for quite some time, and no one is checking it for vulnerabilities, so the fact they are not being reported does not mean they don't exist.

Remember, I don't use communicator 4.79 for web browsing. Only email and usenet, and as such it's a bulletproof app for that.
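Advisory 934, quoted in the post above, concerns certificate names that contain nulls or a wildcard directly before the top-level domain passing validation. The following is an added example, not part of the thread and not Opera's code: it contrasts an over-permissive name matcher with a strict one. The function names, the `PUBLIC_SUFFIXES` set and every sample name are constructed assumptions.

```python
# Added example, not code from Opera or from the thread.
# PUBLIC_SUFFIXES and all sample names are constructed for illustration;
# a production checker would consult the full Public Suffix List.
PUBLIC_SUFFIXES = {"com", "net", "org", "test", "co.uk"}


def _labels_match(pattern, host):
    """Label-by-label comparison where a '*' label matches exactly one label."""
    if len(pattern) != len(host):
        return False
    return all(p == "*" or p == h for p, h in zip(pattern, host))


def lenient_match(cert_name: bytes, host: str) -> bool:
    """Model of an over-permissive check (an assumption, not Opera's code):
    the name is read like a C string, so it ends at the first NUL, and a
    wildcard label is accepted wherever it appears."""
    visible = cert_name.split(b"\x00", 1)[0].decode("latin-1").lower()
    return _labels_match(visible.split("."), host.lower().split("."))


def strict_match(cert_name: bytes, host: str):
    """Return (ok, reason). Rejects both name shapes described in advisory 934."""
    if b"\x00" in cert_name:
        return False, "embedded NUL in certificate name"
    try:
        name = cert_name.decode("ascii").lower()
    except UnicodeDecodeError:
        return False, "non-ASCII bytes in certificate name"
    pattern = name.split(".")
    host_labels = host.lower().split(".")
    if any(label == "" for label in pattern + host_labels):
        return False, "empty label"
    if any("*" in label for label in pattern[1:]):
        return False, "wildcard outside the leftmost label"
    if "*" in pattern[0]:
        # This checker is deliberately stricter than it has to be:
        # only a whole-label wildcard is accepted.
        if pattern[0] != "*":
            return False, "partial wildcard label"
        suffix = ".".join(pattern[1:])
        if len(pattern) < 3 or suffix in PUBLIC_SUFFIXES:
            return False, "wildcard immediately before a public suffix"
    if not _labels_match(pattern, host_labels):
        return False, "name does not match host"
    return True, "ok"


# Constructed (certificate name, hostname the client asked for) pairs.
SAMPLES = [
    (b"www.corp.test", "www.corp.test"),                 # exact name
    (b"*.corp.test", "mail.corp.test"),                  # ordinary wildcard
    (b"*.corp.test", "a.b.corp.test"),                   # wildcard spans one label only
    (b"*.test", "intranet.test"),                        # wildcard right before the TLD
    (b"www.corp.test\x00.other.test", "www.corp.test"),  # NUL inside the name
]


def compare(samples=SAMPLES):
    """Run both matchers over the samples and collect the verdicts."""
    rows = []
    for cert_name, host in samples:
        ok, reason = strict_match(cert_name, host)
        rows.append((cert_name, host, lenient_match(cert_name, host), ok, reason))
    return rows


if __name__ == "__main__":
    for cert_name, host, lenient, strict, reason in compare():
        print(f"{cert_name!r:40} {host:18} lenient={lenient!s:5} strict={strict!s:5} {reason}")
```

The last two samples are the cases where the two matchers disagree: the lenient one reports a match, the strict one rejects the certificate name before any comparison with the hostname takes place.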
#16
Opera for windows 98
98 Guy wrote:
Only email and usenet, and as such it's a bulletproof app for that.

Not true. Overly broad statements which fail to address: known un-patched vulnerabilities; individual user activities; external scripting/JAVA/other used within; that the party making statement fails to appreciate the effect of memory corruption, heap overflows, and other within the OS environment; and other aspects that MUST ALL be taken under consideration when using any application upon the Internet [and locally for that matter] or when considering the effect of any particular vulnerability, exploit, or related:

http://www.google.com/search?hl=en&q...ulnerabilities
http://www.google.com/search?hl=en&q...ulnerabilities
http://www.google.com/search?q=commu...+vulnerability
http://www.google.com/search?hl=en&q...ulnerability
http://www.securityforumz.com/Worms-...opict5125.html
http://www.google.com/search?hl=en&q=NNTP+vulnerability
http://www.google.com/search?hl=en&q...+vulnerability
http://www.google.com/search?hl=en&q...rruption+hacks
http://www.google.com/search?hl=en&q...ulnerabilities
http://www.google.com/search?hl=en&q...rruption+hacks
http://www.google.com/search?hl=en&q...ulnerabilities

Please avoid using 98 Guy as a supposed expert for anything related to security. This party apparently likes to discuss issues solely for amusement or personal enjoyment.

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
#18
Opera for windows 98
ADDENDUM pursuant other segments of the 98 Guy post:

September 29th, 2009
Research: Small DIY botnets prevalent in enterprise networks
http://blogs.zdnet.com/security/?p=4485&tag=nl.e539

September 30th, 2009
New botnet hides commands as JPEG images
http://blogs.zdnet.com/security/?p=4507

September 29th, 2009
Chinese hackers launch targeted attacks against foreign correspondents
http://blogs.zdnet.com/security/?p=4476

Security
http://news.cnet.com/8300-1009_3-83-...goryId=9729342

CERTIFICATES:
http://www.google.com/search?&q=spac...certificates
http://www.google.com/search?hl=en&q...s&start=0&sa=N
http://linux.die.net/man/1/x509

An example for hackable: Pine+OpenSSL HOWTO
http://www.madboa.com/geek/pine-ssl/

Dan Kaminsky shows how to hack and mimic legitimate SSL certificates
http://www.searchsecurityasia.com/co...l-certificates
http://www.sslshopper.com/article-de...g-firefox.html
http://www.channelregister.co.uk/200...traffic_study/

*CAUTION* [duh, these may contain hacks leveraged against you or examples of same]:
http://hackaday.com/2009/07/29/black...ll-characters/
http://www.ethicalhacker.net/content/view/31/24/

Wireless hack,Wifi hack & security
http://thewifihack.com/blog/

eXploiting Local Stack on Windows
http://www.hackinthebox.org/modules....rder=0&thold=0

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
#19
Opera for windows 98
MEB wrote:
98 Guy wrote:

glee wrote:

I wouldn't call either http://www.opera.com/support/kb/view/929/ or http://www.opera.com/support/kb/view/934/ exactly trivial, though they aren't critical.

-----------------
929: Sites using revoked intermediate certificates might be shown as secure

Opera does not check the revocation status for intermediate certificates not served by the server. If the intermediate is revoked, this might not impact the security rating in Opera, and the site might be shown as secure.

934: Opera accepts nulls and invalid wildcards in certificates

Certificate authorities are expected to vet all certificate registrations, but may fail to prevent fraudulent or erroneous registrations. Certificates which use a wild card immediately before the top level domain, or nulls in the domain name, may pass validation checks in Opera. Sites using such certificates may then incorrectly be presented as secure.
------------------

Note that the above 2 issues were part of a group of 4 that were announced about 3 weeks ago, and it does affect all versions of Opera 10.00.20090830.

Those problems allow for "man-in-the-middle" spoofing attempts, which themselves depend on a cascade of pre-existing vulnerabilities and circumstances to be in place in order to successfully gain control of an arbitrary system, which become much less possible if the system in question is running Windows 98.

Opera version 9.64 is the last of the 9.xx versions. Version 9.62 had this problem:

Opera 9.62 file:// Local Heap Overflow Exploit
http://www.vupen.com/english/advisories/2008/3183

Which was corrected in 9.63 or 9.64. Then there is this:

Opera 9.64 (7400 nested elements) XML Parsing Remote Crash Exploit

Which affects version 9.64, but all it appears to do is to crash Opera, not gain control of the system running it.
The fact that vulnerabilities are not reported for Firefox 2.0.0.20 does not indicate that they don't exist, only that the product is considered End Of Life and is no longer checked for vulnerabilities, AFAIK. Do you have any links to show that v.2.0.0.20 is even being tested for any recent vulnerabilities?

If you're aware of ANY browser vulnerabilities that allow attackers to gain control of remote systems which are NOT ultimately heap overflows (resulting in the execution of arbitrary code), then please describe them. It's my impression that all such browser vulnerabilities boil down to heap overflows (even if they are java or script facilitated), and there is no heap-overflow code that has ever been shown to work on both win-9x and NT-based systems simultaneously. The point being that code must be developed specifically for win-9x and be in a position to be deployed in those cases where 9x systems are encountered - an increasingly unlikely situation.

Mozilla does not appear to check the old versions any longer and I see no evidence that any other groups do, including Secunia.

Most vendors will simply issue a blanket statement along the lines that a given vulnerability is present in the current - AND ALL PREVIOUS VERSIONS without really testing all previous versions. That's particularly true with Adobe Acrobat version 6.x family.

Opera 9.64 is AFAIR only very recently EOL, or else not EOL till sometime in October....I don't have time right now to look it up.

There is some indication that there is a 9.65 version circa August 2009 (google for Opera 9.65 and you'll get some hits). Specifically:

http://wakoopa.com/download/opera/9.65

Which might have been a beta version of Opera 10.

Similarly, Communicator 4.79 has been EOL for quite some time, and no one is checking it for vulnerabilities, so the fact they are not being reported does not mean they don't exist.

Remember, I don't use communicator 4.79 for web browsing.
Only email and usenet, and as such it's a bulletproof app for that.

Not true. Overly broad statements which fail to address: known un-patched vulnerabilities; individual user activities; external scripting/JAVA/other used within; that the party making statement fails to appreciate the effect of memory corruption, heap overflows, and other within the OS environment; and other aspects that MUST ALL be taken under consideration when using any application upon the Internet [and locally for that matter] or when considering the effect of any particular vulnerability, exploit, or related:

http://www.google.com/search?hl=en&q...ulnerabilities
http://www.google.com/search?hl=en&q...ulnerabilities
http://www.google.com/search?q=commu...+vulnerability
http://www.google.com/search?hl=en&q...ulner ability
http://www.securityforumz.com/Worms-...opict5125.html
http://www.google.com/search?hl=en&q=NNTP+vulnerability
http://www.google.com/search?hl=en&q...+vulnerability
http://www.google.com/search?hl=en&q...rruption+hacks
http://www.google.com/search?hl=en&q...ulnerabilities
http://www.google.com/search?hl=en&q...rruption+hacks
http://www.google.com/search?hl=en&q...ulnerabilities

Please avoid using 98 Guy as a supposed expert for anything related to security. This party apparently likes to discuss issues solely for amusement or personal enjoyment.
ADDENDUM pursuant other segments of the 98 Guy post:

September 29th, 2009
Research: Small DIY botnets prevalent in enterprise networks
http://blogs.zdnet.com/security/?p=4485&tag=nl.e539

September 30th, 2009
New botnet hides commands as JPEG images
http://blogs.zdnet.com/security/?p=4507

September 29th, 2009
Chinese hackers launch targeted attacks against foreign correspondents
http://blogs.zdnet.com/security/?p=4476

Security
http://news.cnet.com/8300-1009_3-83-...goryId=9729342

CERTIFICATES:
http://www.google.com/search?&q=spac...certifica tes
http://www.google.com/search?hl=en&q...s&start=0&sa=N
http://linux.die.net/man/1/x509

An example for hackable:
Pine+OpenSSL HOWTO
http://www.madboa.com/geek/pine-ssl/

Dan Kaminsky shows how to hack and mimic legitimate SSL certificates
http://www.searchsecurityasia.com/co...l-certificates
http://www.sslshopper.com/article-de...g-firefox.html
http://www.channelregister.co.uk/200...traffic_study/

*CAUTION* [duh, these may contain hacks leveraged against you or examples of same]:
http://hackaday.com/2009/07/29/black...ll-characters/
http://www.ethicalhacker.net/content/view/31/24/

Wireless hack,Wifi hack & security
http://thewifihack.com/blog/

eXploiting Local Stack on Windows
http://www.hackinthebox.org/modules....rder=0&thold=0

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
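Advisory 934, quoted in the post above, concerns certificate names containing nulls or a wildcard immediately before the top-level domain passing validation. The following is an added example, not code from the thread or from Opera: a Python sketch that sets a lenient name matcher beside a strict one. Every function name and sample value is constructed for illustration, and the lenient matcher is an assumption about how such a check can go wrong, not a description of Opera's implementation.

```python
"""Added example: certificate name matching that refuses the two malformed
name shapes named in advisory 934. All names and samples are constructed."""

def c_string_view(raw: bytes) -> str:
    """What a NUL-terminated string routine sees: the bytes before the first NUL."""
    return raw.split(b"\x00", 1)[0].decode("ascii", "replace").lower()

def lenient_match(cert_name: bytes, host: str) -> bool:
    """Contrast case: truncates at NUL and lets '*' stand for any label."""
    pattern = c_string_view(cert_name).split(".")
    labels = host.lower().rstrip(".").split(".")
    return len(pattern) == len(labels) and all(
        p == "*" or p == l for p, l in zip(pattern, labels))

def strict_match(cert_name: bytes, host: str) -> bool:
    """Hardened check: reject malformed names before comparing anything."""
    if b"\x00" in cert_name:
        return False  # an embedded null is never part of a valid DNS name
    try:
        name = cert_name.decode("ascii").lower().rstrip(".")
    except UnicodeDecodeError:
        return False
    pattern = name.split(".")
    labels = host.lower().rstrip(".").split(".")
    if "" in pattern or "" in labels or len(pattern) != len(labels):
        return False
    if "*" not in name:
        return pattern == labels
    # A wildcard must be the entire left-most label and be followed by at
    # least two literal labels, so "*.com"-style names are refused. Suffixes
    # with several labels would additionally need a public-suffix list.
    if pattern[0] != "*" or "*" in "".join(pattern[1:]) or len(pattern) < 3:
        return False
    return pattern[1:] == labels[1:]

SAMPLES = [  # constructed (certificate name bytes, requested host) pairs
    (b"www.example.test", "www.example.test"),
    (b"*.example.test", "www.example.test"),
    (b"*.test", "example.test"),
    (b"www.example.test\x00.other.invalid", "www.example.test"),
]

def compare(samples=SAMPLES):
    """Return (lenient, strict) verdicts for each sample pair."""
    return [(lenient_match(n, h), strict_match(n, h)) for n, h in samples]

if __name__ == "__main__":
    for (name, host), (lenient, strict) in zip(SAMPLES, compare()):
        print(f"{name!r:45} {host:20} lenient={lenient} strict={strict}")
```

The last two samples are the cases where the two matchers disagree: the lenient one accepts them, the strict one does not.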