|
|
Focus on Microsoft
RE: Browser Vulns Jul 14 2004 03:27PM Eric McCarty (eric lawmpd com) (1 replies) RE: Browser Vulns Jul 17 2004 02:09AM Laura A. Robinson (laurarobinson earthlink net) (2 replies) Re: Browser Vulns Jul 19 2004 04:25PM Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa pacbell net) (1 replies) Re: Browser Vulns Jul 19 2004 10:08PM James Riden (j riden massey ac nz) (2 replies) real world security though, was Re: Browser Vulns Jul 21 2004 07:32AM matthew patton (pattonme yahoo com) RE: Browser Vulns Jul 20 2004 03:43PM Kirk Foutts (kfoutts orenickcompanies com) (1 replies) RE: Browser Vulns Jul 23 2004 01:52AM Laura A. Robinson (larobins bellatlantic net) (1 replies) Re: Browser Vulns Jul 23 2004 01:56AM Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa pacbell net) (3 replies) Re: Browser Vulns Jul 23 2004 04:49PM Thor (thor hammerofgod com) (1 replies) Re: Browser Vulns Jul 23 2004 04:51PM Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa pacbell net) RE: Browser Vulns Jul 23 2004 02:01AM Laura A. Robinson (larobins bellatlantic net) (1 replies) Re: Browser Vulns Jul 23 2004 02:10AM Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa pacbell net) |
|
Privacy Statement |
Having spent time in a small (400+ user base)
organization, I'd say that your approach would work
much better, especially considering that Eric provides
no workable solution for "run desktop monitoring
software".
--- "Laura A. Robinson" <laurarobinson (at) earthlink (dot) net [email concealed]>
wrote:
> Just out of curiosity, how many (few) users do you
> have that this is a
> workable approach? And wouldn't ingress/egress
> monitoring be more effective
> than poking at cookies?
>
> Laura
>
> > -----Original Message-----
> > From: Eric McCarty [mailto:eric (at) lawmpd (dot) com [email concealed]]
> > Sent: Wednesday, July 14, 2004 11:27 AM
> > To: James Bowman; focus-ms (at) securityfocus (dot) com [email concealed]
> > Subject: RE: Browser Vulns
> >
> > I prefer Choice E : Education
> >
> > Tell your users what to do and not do, then run
> desktop
> > auditing software to review browser/cookie history
> to see
> > violators of the policy and take appropriate
> action.
> >
> > Patching wont help if no patch exists. Check out
> Pivx for choice B.
> >
> > Eric
> >
> > -----Original Message-----
> > From: James Bowman [mailto:jim (at) drexel (dot) edu [email concealed]]
> > Sent: Tuesday, July 13, 2004 9:11 PM
> > To: focus-ms (at) securityfocus (dot) com [email concealed]
> > Subject: Browser Vulns
> >
> >
> >
> >
> > Posing a question to Security Managers regarding
> the massive
> > attention now on browser vulnerabilities.
> >
> >
> >
> > How are you reacting (if at all):
> >
> > A: Patching
> >
> > B: HIPS / HIDS
> >
> > C: Content filtering via proxy
> >
> > D: Other...
> >
> >
> >
> > For those choosing B:, how is your flavor of HIPS
> / HIDS faring?
> >
> > For those choosing C:, what is working for you,
> and for
> > either B: or C:, is it signature or PAD based?
> >
> >
> >
> > JB
> >
> >
> >
>
--------------------------------------------------------------
> > -------------
> >
>
--------------------------------------------------------------
> > -------------
> >
> >
> >
>
--------------------------------------------------------------
> > -------------
> >
>
--------------------------------------------------------------
> > -------------
> >
>
>
>
------------------------------------------------------------------------
---
>
------------------------------------------------------------------------
---
>
>
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]