[DUG] Offtopic - but....
Paul A Norman
paul.a.norman at gmail.com
Wed Jan 20 20:37:18 NZDT 2010
If you need to check output/pages against the three main engines for
any reason - have a look at this:
http://www.lunascape.tv/
"Lunascape is the world’s only triple engine browser. What this means
is that you can have the best features, performance, and speed of,
Windows Internet Explorer, Mozilla Firefox, Google Chrome, and Apple
Safari all in one browser and can view any website in an optimal way
without a need to open another browser.
"Yeah, that’s right. Lunascape = IE (Trident)+Firefox
(Gecko)+Chrome・Safari (Webkit)
"On top of that, our technology achieves one of the fastest browsing
speed and provides you with full of features and customizable options.
..."
Paul
2010/1/20 John Bird <johnkbird at paradise.net.nz>:
> Scaremongering? Here is the Microsoft advisory link
>
> http://www.microsoft.com/technet/security/advisory/979352.mspx
>
> Some excerpts:
>
> "Our investigation so far has shown that Internet Explorer 5.01 Service Pack
> 4 on Microsoft Windows 2000 Service Pack 4 is not affected, and that
> Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4,
> and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on
> supported editions of Windows XP, Windows Server 2003, Windows Vista,
> Windows Server 2008, Windows 7, and Windows Server 2008 R2 are vulnerable."
>
> "In a Web-based attack scenario, an attacker could host a Web site that
> contains a Web page that is used to exploit this vulnerability. In addition,
> compromised Web sites and Web sites that accept or host user-provided
> content or advertisements could contain specially crafted content that could
> exploit this vulnerability. In all cases, however, an attacker would have no
> way to force users to visit these Web sites. Instead, an attacker would have
> to convince users to visit the Web site, typically by getting them to click
> a link in an e-mail message or Instant Messenger message that takes users to
> the attacker's Web site."
>
> "An attacker who successfully exploited this vulnerability could gain the
> same user rights as the local user. Users whose accounts are configured to
> have fewer user rights on the system could be less affected than users who
> operate with administrative user rights."
>
> "By default, all supported versions of Microsoft Outlook, Microsoft Outlook
> Express, and Windows Mail open HTML e-mail messages in the Restricted sites
> zone. The Restricted sites zone helps mitigate attacks that could try to
> exploit this vulnerability by preventing Active Scripting and ActiveX
> controls from being used when reading HTML e-mail messages. However, if a
> user clicks a link in an e-mail message, the user could still be vulnerable
> to exploitation of this vulnerability through the Web-based attack
> scenario."
>
> Here is from that page the list of affected products:
>
> This advisory discusses the following software.
> Affected Software
>
> Microsoft Windows 2000 Service Pack 4
>
> Windows XP Service Pack 2 and Windows XP Service Pack 3
>
> Windows XP Professional x64 Edition Service Pack 2
>
> Windows Server 2003 Service Pack 2
>
> Windows Server 2003 x64 Edition Service Pack 2
>
> Windows Server 2003 with SP2 for Itanium-based Systems
>
> Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack
> 2
>
> Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and
> Windows Vista x64 Edition Service Pack 2
>
> Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit
> Systems Service Pack 2
>
> Windows Server 2008 for x64-based Systems and Windows Server 2008 for
> x64-based Systems Service pack 2
>
> Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for
> Itanium-based Systems Service Pack 2
>
> Windows 7
>
> Windows 7 for x64-based Systems
>
> Windows Server 2008 R2 for x64-based Systems
>
> Windows Server 2008 R2 for Itanium-based Systems
>
> Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
>
> Internet Explorer 6 for Windows XP Service Pack 2, Windows XP Service Pack
> 3, and Windows XP Professional x64 Edition Service Pack 2
>
> Internet Explorer 6 for Windows Server 2003 Service Pack 2, Windows Server
> 2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition
> Service Pack 2
>
> Internet Explorer 7 for Windows XP Service Pack 2 and Windows XP Service
> Pack 3, and Windows XP Professional x64 Edition Service Pack 2
>
> Internet Explorer 7 for Windows Server 2003 Service Pack 2, Windows Server
> 2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition
> Service Pack 2
>
> Internet Explorer 7 in Windows Vista, Windows Vista Service Pack 1, Windows
> Vista Service Pack 2, Windows Vista x64 Edition, Windows Vista x64 Edition
> Service Pack 1, and Windows Vista x64 Edition Service Pack 2
>
> Internet Explorer 7 in Windows Server 2008 for 32-bit Systems and Windows
> Server 2008 for 32-bit Systems Service Pack 2
>
> Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems and
> Windows Server 2008 for Itanium-based Systems Service Pack 2
>
> Internet Explorer 7 in Windows Server 2008 for x64-based Systems and Windows
> Server 2008 for x64-based Systems Service Pack 2
>
> Internet Explorer 8 for Windows XP Service Pack 2, Windows XP Service Pack
> 3, and Windows XP Professional x64 Edition Service Pack 2
>
> Internet Explorer 8 for Windows Server 2003 Service Pack 2, and Windows
> Server 2003 x64 Edition Service Pack 2
>
> Internet Explorer 8 in Windows Vista, Windows Vista Service Pack 1, Windows
> Vista Service Pack 2, Windows Vista x64 Edition, Windows Vista x64 Edition
> Service Pack 1, and Windows Vista x64 Edition Service Pack 2
>
> Internet Explorer 8 in Windows Server 2008 for 32-bit Systems and Windows
> Server 2008 for 32-bit Systems Service Pack 2
>
> Internet Explorer 8 in Windows Server 2008 for x64-based Systems and Windows
> Server 2008 for x64-based Systems Service Pack 2
>
> Internet Explorer 8 in Windows 7 for 32-bit Systems
>
> Internet Explorer 8 in Windows 7 for x64-based Systems
>
> Internet Explorer 8 in Windows Server 2008 R2 for x64-based Systems
>
> Internet Explorer 8 in Windows Server 2008 R2 for Itanium-based Systems
>
> Here is the list of Non-affected versions:
> Non-Affected Software
>
> Internet Explorer 5.01 Service Pack 4 for Microsoft Windows 2000 Service
> Pack 4
>
> So you are safe if you are running IE5 on Windows 2000.
>
> John Bird
> JBCL
> Contact:
> johnkbird at paradise.net.nz
> jbclnz at xtra.co.nz
> 027 4844528
> http://jbclnz.googlepages.com
> http://www.jbcl.co.nz
> ----- Original Message -----
> From: "Jeremy North" <jeremy.north at gmail.com>
> To: "NZ Borland Developers Group - Delphi List" <delphi at delphi.org.nz>
> Sent: Wednesday, January 20, 2010 12:25 PM
> Subject: Re: [DUG] Offtopic - but....
>
>
>> while it affects IE6 on XP most, no versions are immune.
>
> Scaremongering much John?
>
> On Wed, Jan 20, 2010 at 10:20 AM, John Bird <johnkbird at paradise.net.nz>
> wrote:
>> In Chrome you can find out what is using CPU for each tab, there is a task
>> manager.
>>
>> Try the Firefox 3.6 beta
>>
>> I really really would hesitate to use IE at the moment, seeing as all
>> versions including IE8 on Windows 7 are vulnerable to the latest China
>> exploit - while it affects IE6 on XP most, no versions are immune.
>> Especially if you are known to have access to any valuable intellectual
>> property!
>>
>> Chrome UI is an acquired taste, personally I find Firefox, Chrome and Opera
>> all comparable in speed, Chrome and Opera are the speed freaks in most
>> tests. Safari is also very fast but tends to have more security issues
>> than the others.
>>
>> From what I have gathered, as details are deliberately a bit vague, the
>> "China attacks" worked like this:
>>
>> -They tried to hack into Gmail/Yahoo/Hotmail accounts of known China
>> activists and supporters. Gmail has now changed its default to https to
>> make this harder - others are expected to follow.
>>
>> -Last year there were targeted emails sent to certain staff in the Dalai
>> Lama's office, looking to be from someone the person knew with links to an
>> innocuous web site, or attached photos/PDFs which had a malware dropper in
>> it. Once loaded on the target PC, the Trojan started monitoring all email
>> traffic and logins, and turned on web cams and microphones to monitor what
>> was happening in the office around the PC, i.e. conversations nearby were
>> also being monitored.
>>
>> Once security specialists were called in, they found also a significant
>> number of Asian embassies of various countries also had similar spyware
>> installed - it was described as the most sophisticated and comprehensive
>> spyware ever seen.
>>
>> The traffic looked to be being sent to a site in China and Taiwan physically
>> close to the Chinese government's electronic monitoring site, however
>> no-one was sure of this as it could in theory have been going anywhere.
>>
>> -The Google and Adobe attacks this year look to be similar - There were
>> targeted emails sent to staff deduced to have privileged access on
>> networks, e.g. to source repositories. The emails apparently looked
>> innocuous and from parties known to the receiver (this is the targeted
>> part - the senders had done careful research). Once installed the malware
>> started downloading the source it could locate to web sites that Google
>> identified as being Chinese.
>> Google say up to 30 firms in California were targeted. The fact that they
>> had publicly identified China as the offender implies they have done some
>> thorough tracking of the destination of stolen data.
>>
>> This exploit is mainly in IE, and may also involve a PDF exploit as well.
>> By all accounts Microsoft have conceded there is a problem in IE6 and do
>> not yet have a fix, and it is not certain it can be fixed. Turning the
>> security zone settings to High makes it less likely but is still not an
>> absolute preventative. All versions of IE have this vulnerability.
>>
>> There was a similar serious problem with https in 2009 where a rogue web
>> site could impersonate a legitimate site using a specially crafted digital
>> certificate that had a binary null between the name of the impersonated
>> site and the false site name - this allowed the certificate to be verified
>> but the impersonated name would be shown, not the true impersonating domain.
>> This meant that a man-in-the-middle attack for https traffic to in
>> particular bank web sites became possible with no warning in the browser
>> as the certificate looked to be verified (it was but for the malware domain).
>> This vulnerability was fixed quite fast, but interestingly on Windows it
>> affected IE, Chrome, Opera and Safari as they all used a Microsoft
>> component to verify digital certificates - Firefox was the only browser
>> immune in this case as it used its own component.
>>
>> Personally I prefer Firefox as it's fast enough (close to if not fastest),
>> best bookmarks search, and fastest consistently to fix security holes.
>> However security is a constantly moving target and all software has its
>> vulnerabilities.
>>
>> John
>>
>> From: "Jeremy North" <jeremy.north at gmail.com>
>> To: "NZ Borland Developers Group - Delphi List" <delphi at delphi.org.nz>
>> Sent: Wednesday, January 20, 2010 10:28 AM
>> Subject: Re: [DUG] Offtopic - but....
>>
>>
>> I'm sorry but I disagree. If all of those tabs are loaded then it
>> shouldn't be using any CPU, or a very small amount.
>>
>> Firefox has security issues, just like IE.
>>
>> I use both but prefer IE, it handles flash a lot better than Firefox.
>>
>> Couldn't get into Chrome.
>>
>> I installed Firefox on the mac but it just seems out of place so
>> generally use Safari - even though it is a pain to use. I don't browse
>> often on the mac.
>>
>> On Tue, Jan 19, 2010 at 6:13 PM, John Bird <johnkbird at paradise.net.nz>
>> wrote:
>>> My Firefox (3.7) is using 12-13% CPU and 400MB with 88 tabs open at the
>>> moment. That's not too bad...
>>>
>>> John
>>>
>>> From: Sean Cross
>>>
>>> To: NZ Borland Developers Group - Delphi List
>>> Sent: Tuesday, January 19, 2010 4:50 PM
>>> Subject: Re: [DUG] Offtopic - but....
>>>
>>> Ram? I find processor usage is the problem. It can suck up 30% of my
>>> processor for no apparent reason when it's just sitting in the
>>> background!
>>>
>>>
>>>
>>> Regards
>>>
>>>
>>>
>>> Sean Cross
>>> CIO
>>>
>>>
>>>
>>> Catalyst Risk Management
>>> PO Box 230
>>> Napier 4140
>>> DDI: 06-8340362
>>> Mobile: 021270 3466
>>>
>>>
>>>
>>> Visit us at http://www.catalystrisk.co.nz
>>>
>>>
>>>
>>> Offices in Auckland, Hamilton, Napier, Wellington, Christchurch & Dunedin
>>>
>>> From: delphi-bounces at delphi.org.nz [mailto:delphi-bounces at delphi.org.nz]
>>> On
>>> Behalf Of Jeremy Coulter
>>> Sent: Tuesday, 19 January 2010 12:03 p.m.
>>> To: NZ Borland Developers Group - Delphi List
>>> Subject: [DUG] Offtopic - but....
>>>
>>>
>>>
>>> I know this is offtopic, but does anyone know WHY FireFox consumes SO
>>> MUCH RAM ??
>>> I have 8 tabs open and it's using over 400MB !! It's complete madness ! I
>>> have started going off Firefox lately. On my Vista 64bit install at home,
>>> I can't do an F5 to refresh, I have to do a CTRL+F5 ..... grrr
>>>
>>>
>>> Jeremy
>>>
>>> ________________________________
>>>
>>> _______________________________________________
>>> NZ Borland Developers Group - Delphi mailing list
>>> Post: delphi at delphi.org.nz
>>> Admin: http://delphi.org.nz/mailman/listinfo/delphi
>>> Unsubscribe: send an email to delphi-request at delphi.org.nz with Subject:
>>> unsubscribe
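The 2009 certificate problem described in the quoted message above (a binary null placed between the impersonated site name and the real domain) comes down to how the name is compared. The following is an added example, not part of the original thread and not the code of any browser or Microsoft component: a simplified model of a host name check, with the struct, function names and `.example` host names constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* A certificate name as an X.509 parser holds it: raw bytes plus a length. */
struct cert_name { const unsigned char *data; size_t len; };

/* Constructed sample names; the first has a NUL byte embedded in it. */
static const unsigned char FORGED[] = "www.bank.example\0.attacker.example";
static const unsigned char HONEST[] = "www.bank.example";

struct cert_name forged_name(void) {
    struct cert_name n = { FORGED, sizeof FORGED - 1 };
    return n;
}
struct cert_name honest_name(void) {
    struct cert_name n = { HONEST, sizeof HONEST - 1 };
    return n;
}

/* Flawed: treats the name as a C string, so comparison stops at the NUL
   and only "www.bank.example" is ever looked at. */
int match_cstring(struct cert_name cn, const char *host) {
    return strcasecmp((const char *)cn.data, host) == 0;
}

/* Hardened: a DNS name can never contain a NUL, so reject the name
   outright, then compare over the full recorded length. */
int match_length_aware(struct cert_name cn, const char *host) {
    size_t hlen = strlen(host);
    if (memchr(cn.data, '\0', cn.len) != NULL)
        return 0;
    return cn.len == hlen &&
           strncasecmp((const char *)cn.data, host, hlen) == 0;
}

int main(void) {
    const char *host = "www.bank.example";
    printf("forged, C-string check:     %d\n", match_cstring(forged_name(), host));
    printf("forged, length-aware check: %d\n", match_length_aware(forged_name(), host));
    printf("honest, length-aware check: %d\n", match_length_aware(honest_name(), host));
    return 0;
}
```

The issuing authority validates the full name, which ends in the registrant's own domain, while a client using the C-string comparison sees only the part before the null; rejecting any name with an embedded NUL closes that gap.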