Educause Security Discussion mailing list archives
web browser security zones
From: Kevin Shalla <kshalla () UIC EDU>
Date: Wed, 11 Jan 2006 11:16:34 -0600
This prompts me to ask about web browser security zones. Does anyone make substantial changes to the default IE security zone security? How effective is this? We make a few changes (adding certain sites to the trusted sites and granting certain extra access in that zone), but not much. Do other browsers have such detailed settings by security zone? It appears that Firefox has very little granularity (just load images and popups) in the security setup. At 11:54 AM 1/10/2006, David Gillett wrote:
I recall that, a few years back, it was common for Microsoft to downplay IE bugs with this "must get user to visit a suspicious site" argument. And then some hacker crew broke into a hosting company and defaced 500+ legit websites, adding code that exploited some of those vulnerabilities. The notion that users can have any real idea, a priori, about the actual safety of any site is just false. [On average, I'd agree that some sites are *more likely* than others to be booby-trapped, and that factor may have its place in the policy and "user education" sides of security management. But I don't think it's really useful in assessing the severity of a vulnerability.]
Current thread:
- web browser security zones Kevin Shalla (Jan 11)
- <Possible follow-ups>
- Re: web browser security zones Valdis Kletnieks (Jan 11)
- Re: web browser security zones Gary Flynn (Jan 11)
- Re: web browser security zones Gary Dobbins (Jan 11)
- Re: web browser security zones Gary Flynn (Jan 11)