[Owasp-singapore] [security-77] Does the DirectDraw vulnerability affect non-IE browser too?

Winston.Leong at sg.ey.com Winston.Leong at sg.ey.com
Tue Jul 14 23:00:38 EDT 2009


To be fair, this vulnerability affected a particular plugin in IE, not the
browser itself.

All browsers have their own issues, you install one, you make sure you patch
that one more. I believe safe browsing is still the fundamental protection
that is required rather than a technical solution.

Just for the scoreboard, Firefox just got 0-dayed against with another
vulnerability.
http://www.f-secure.com/vulnerabilities/SA200903371

Regards, Winston Leong
                                                                                                      
Winston Leong | Technology and Security Risk Services
Ernst & Young Risk Advisory Services Pte. Ltd
One Raffles Quay, North Tower, Level 18, Singapore 048583
Office: +65 6309 6766 | Fax: +65 6532 7662
Mobile: +65 9028 3600
Website: www.ey.com






                                                                           
From: fs chan <chanfs16 at gmail.com>
Sent by: owasp-singapore-bounces at lists.owasp.org
Date: 13/07/2009 09:36 PM
To: Wong Onn Chee <ocwong at usa.net>
cc: security-77 at meetup.com, owasp-singapore at lists.owasp.org
Subject: Re: [Owasp-singapore] [security-77] Does the DirectDraw vulnerability affect non-IE browser too?




yes, and usually IE is the one browser...  i am still wondering why....




On Sun, Jul 12, 2009 at 5:37 PM, Wong Onn Chee<ocwong at usa.net> wrote:
> Thanks, Aung.
>
> This incident further gives merit to the good practice to use multiple
> browsers. :-)
>
> That's why I find corporates, who standardise on only 1 browser, look a bit
> naive in terms of web security.
>
> Just like one should not only have firewalls from a single vendor, one
> should not only use web browser from a single vendor too.
>
> But well, good advice tends to fall on deaf ears.
>
> And many in Singapore have deaf ears. ;-)
> LOL.
>
> Cheers
> Onn Chee
>
> On 07/11/2009 11:59 PM, Aung Khant wrote:
>
> only IE 6,7 under
>
> Windows XP Service Pack 2 and Windows XP Service Pack 3
> Windows XP Professional x64 Edition Service Pack 2
> Windows Server 2003 Service Pack 2
> Windows Server 2003 x64 Edition Service Pack 2
> Windows Server 2003 with SP2 for Itanium-based Systems
>
>> The compromised websites link to a series of servers that exploit a
>> zero-day vulnerability in an IE component that processes media. The
>> vulnerability affects those using the XP and 2003 versions of Windows,
>> Microsoft warned in this advisory.
>
>
> On Sat, Jul 11, 2009 at 8:18 AM, Wong Onn Chee <ocwong at usa.net> wrote:
>>
>> Hi,
>>
>> Does anyone know whether the latest MS vulnerability also affects non-IE
>> browsers, such as Firefox and Opera, in Windows?
>>
>> Regards
>> Onn Chee
>>
>
>
>
> --
> Best Regards
> YGN Ethical Hacker Group
> http://yehg.net
>
> _______________________________________________
> Owasp-singapore mailing list
> Owasp-singapore at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-singapore
>
>



--
View my IT blog at http://fooksheng.blogspot.com/