Skip to content

'Hackers' claim Firefox is fundamentally flawed

Featured Replies

Well what with it being open source, it shouldn't take that long to patch this one and start writing a new ECMAScript implementation then should it.

Hmm how bored am I, nope not that bored.

What more flawed than any of the MS products :P

I bet the only reason it was mentioned was becasue they were all BORED with the agenda mailny containing MS hacks :rofl:

Interestingly, I see Microsoft are refusing access to the Vista Kernal, saying it helps security.

It also prevents Symantec and McCafee developing effective alternatives to MS's oen protection software.

Interestingly, I see Microsoft are refusing access to the Vista Kernal, saying it helps security.

It also prevents Symantec and McCafee developing effective alternatives to MS's oen protection software.

I think thats a good decision on M$'s part... stops Rootkits being installed like Sonys copy protection thing.. and starforce too. (one less hackable thing)

it takes the pi$$ really, symantec and mcafee are considering legal action against ms for this.. "Windows Vista is too secure".. they owe their existance to previous windows versions being un-secure... they didnt whinge then!

But on the other hand we're putting all our eggs in one basket!

hhmm.. completely reliant on M$ security... yeah that'll go far!

But on the other hand we're putting all our eggs in one basket!

hhmm.. completely reliant on M$ security... yeah that'll go far!

id rather trust M$ than symantec (AKA Norton) and Mcafee.. :rofl:

id rather trust M$ than symantec (AKA Norton) and Mcafee.. :rofl:

Yeah good luck with that :D

I've never had any bother with Symantec AV (not norton AV btw) the proper corp edition :thumbup:

Yeah but getting past that kernel protection won't be hard.

It just means that other people won't be able to provide security fixes and will rely on the same techniques as the hackers to get into the kernel.

You have to be able to hook into the kernel to do certain programming tasks so there is a way in , and if there is a way in then crackers will find a way to subvert the protection of that way in.

Also while symantec and all are sh*te I can't see why MS couldn't find a way of providing a secured API into the kernel. People like symantec would have to let MS sign the code with a private RSA key and include the public key in vista or something, but that would still work.

It all sounds like the making of yet another long drawn out anti-trust case to me :D

My kernels make pop-corn!

No seriously, what is the kernel? is it like the main bit?

It's the bit in the middle that controls all the access to the real hardware and abstracts it away. Aboive it is userspace where most applications run.

In userspace an app in theory can't get at another apps resources, in kernel space this isn't true as it might be required for the hardware.

Doing things in kernel space is 'dangerous' if you don't know what you are doing or if you want to mess things up.

  • Author

Claimed security hole in Firefox "just a joke" :o

The allegedly critical hole reported yesterday in Firefox's JavaScript implementation has turned out' date=' not surprisingly, to be a hoax. Mischa Spiegelmock, who made the claim at the Toorcon hacker conference, told Mozilla's security chief Window Snyder, "The main purpose of our talk was to be humorous."

While it is possible to create a stack overflow, the only result he has been able to produce is a browser crash. Neither he, nor anyone else, has managed to execute code via this hole. Spiegelmock claims to know nothing about the other 30 holes reported in the media. The Mozilla team nevertheless plans to look into the matter in order to detect and remedy any flaws.

[/quote']

heise Security - News - Claimed security hole in Firefox "just a joke"

people will always find a problem with MS products as they spend their entire life doing it then try and make MS look stupid because their bit of software that supports thousands of different pieces of hardware and lets endless amounts of software to be written so it works on it can go wrong, get a life.

Just to illustrate cheezemonkhai's excellent explanation, here's an excellent diagram showing the NT architecture....

468px-Windows_2000_architecture.svg.png

Chris

  • Administrators

Well ditch windows...I've finally figured linux out and can do everything I could do in windows in linux, I'm on ubuntu at the moment, no complaints or problems.

Intererstingly a similar topic arose on a mac forum, with more locks and tie in's it seems a few; and it is only ever a few, are moving to linux.

I'm actually just using linux as a stop gap to a mac, but I'm liking it more each day...so who knows, maybe I'll stick.

I'm still trying to get my head around Linux, I'm currently playing with Xandros on my second machine. Just as I think I'm getting somewhere it does something I didn't expect and I have to start again.

And the other advantage of Linux is that if you find a bug, you can just modify the source, rebuild the kernel and off you go :rofl:

Chris

You joke, but i have done that quite a few times.

Run ubuntu, red hat, gentoo and windows XP myself. Wouldn't mind a mac too

Just to illustrate cheezemonkhai's excellent explanation, here's an excellent diagram showing the NT architecture....

468px-Windows_2000_architecture.svg.png

Chris

And to ellaborate a bit more...

In windows there are two types of drivers (the software that controls hardware connected to your computer): User mode and Kernal mode..

In previous versions of windows... all drivers were kernal-mode, which usually meant if one part of the driver failed or crashed.. you would end up with the legendary bsod... blue screen of death as the whole computer crashed..

in windows 2000 they introduced "user mode" drivers for printers (which was allegedly what caused most the problems with NT4 instability) - this means that the driver runs in the userspace.. so if it crashes, it doesnt take the whole system down. and can be re-started.

in Vista.. now their new driver-model means that all drivers should be user-mode... graphics drivers, sound drivers.. hence more stable operating system in theory :rofl:

well i think i have seen this in action Neo as we sometimes get a message come up saying that so an so has stopped working and needs to be re-started(the individual thing not the whole system) and what i assume is a direct result we hardly ever get the BSOD compared to before so maybe it is a more reliable system.

the main problem we have is that most of our system is old, its an XP3000+ that was built when it was fairly high in the range :o

years old, we are planning an upgrade to core 2 duo over the next month or 2 :)

In NT3.5/3.51 and IIRC 4 the gfx drivers were user mode, but got put back into kernel space as it was too slow.

The problem with user mode drivers is they still have to talk via the kernel and the cooms between userland and kernel space is quite slow relatively speaking.

Hence anything that needs to be properly fast, such as graphics drivers needs to be in kernel space really.

Create an account or sign in to comment

Recently Browsing 0

  • No registered users viewing this page.

Important Information

Welcome to BRISKODA. Please note the following important links Terms of Use. We have a comprehensive Privacy Policy. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

Account

Navigation

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.