Comments on: Ask Jesse answer: Finding security holes http://www.squarefree.com/2005/05/05/ask-jesse-answer-finding-security-holes/ Jesse Ruderman on Firefox, security, and more Tue, 06 Jan 2009 03:55:29 +0000 http://wordpress.org/?v=2.5 By: killo http://www.squarefree.com/2005/05/05/ask-jesse-answer-finding-security-holes/#comment-1222 killo Sat, 07 May 2005 00:22:58 +0000 http://www.squarefree.com/2005/05/05/ask-jesse-answer-finding-security-holes/#comment-1222 Great series of articles. I love the honesty with which you compare objectively where each rival browser is more or less secure than Firefox. Compare and contrast the people on Mozilla blogs to the sycophantic blog posters on the IEBlog with moronic comments like: <blockquote> Can you please tell E-Eye to remove the lies they are spreading about Internet Explorer security holes: http://www.eeye.com/html/research/upcoming/index.html Monthly security patches were issued _after_ the first two were disclosed, but they are still saying "unpatched" on that page! Saying 'Microsoft leaves security holes unpatched for 2 months' is typical of the sort of lie that the FireFox kiddies will use to try to unfairly discredit Microsoft's security record. </blockquote> Great series of articles. I love the honesty with which you compare objectively where each rival browser is more or less secure than Firefox.

Compare and contrast the people on Mozilla blogs to the sycophantic blog posters on the IEBlog with moronic comments like:

Can you please tell E-Eye to remove the lies they are spreading about Internet Explorer security holes:
http://www.eeye.com/html/research/upcoming/index.html

Monthly security patches were issued _after_ the first two were disclosed, but they are still saying “unpatched” on that page!

Saying ‘Microsoft leaves security holes unpatched for 2 months’ is typical of the sort of lie that the FireFox kiddies will use to try to unfairly discredit Microsoft’s security record.

]]> By: Jeff Walden http://www.squarefree.com/2005/05/05/ask-jesse-answer-finding-security-holes/#comment-1207 Jeff Walden Thu, 05 May 2005 17:19:24 +0000 http://www.squarefree.com/2005/05/05/ask-jesse-answer-finding-security-holes/#comment-1207 Okay, that's getting in the direction I wanted. This sort of stuff has always intrigued me, because I've never had many ideas for how one would go from having what seems to be a fully working program to poking it in unorthodox ways to discovering bugs that can be used to twist the system beyond where it can safely fail. This article gives me a more informed starting point. Incidentally, I very, very recently (after I asked the question) stumbled upon a good online example of the sort of article I was requesting. See the article <a href="http://www.unixwiz.net/techtips/sql-injection.html" rel="nofollow">SQL Injection Attacks by Example</a> for a good introduction to finding security holes in database-enabled web applications, which goes through the process of starting from one web form to getting privileged access to the back-end data. Okay, that’s getting in the direction I wanted. This sort of stuff has always intrigued me, because I’ve never had many ideas for how one would go from having what seems to be a fully working program to poking it in unorthodox ways to discovering bugs that can be used to twist the system beyond where it can safely fail. This article gives me a more informed starting point.

Incidentally, I very, very recently (after I asked the question) stumbled upon a good online example of the sort of article I was requesting. See the article SQL Injection Attacks by Example for a good introduction to finding security holes in database-enabled web applications, which goes through the process of starting from one web form to getting privileged access to the back-end data.

]]>