Full Disclosure mailing list archives
IE Web Browser: "Sitting Duck"
From: "Edge, Ronald D" <edge () indiana edu>
Date: Tue, 29 Jun 2004 09:25:32 -0500
I find it pretty stunning that now even the mainstream corporate online IT press is jumping down Microsoft's throat over the vulnerabilities and problems with the Microsoft IE browser.

I recall last week we had a thread in which one poster was defending Microsoft, and insisting we were just complaining about the "GUI interface", and ignoring all efforts to focus attention on such facts as pointed out even in this CNET news.com article:

"IE a sitting duck?"

"But Mozilla claims some inherent security advantages as well. Internet Explorer is a fat target for attackers, in large part because it supports powerful, proprietary Microsoft technologies that are notoriously weak on security, like ActiveX."

http://news.com.com/IE+flaw+may+boost+rival+browsers/2100-7355_3-5250697.html?tag=nefd.lede

Even CERT has issued an advisory that is really quite amazing in its bluntness:

http://www.kb.cert.org/vuls/id/713878

which was last updated June 25, 2004 in the wake of the download.ject attack by what appears to have been Russian criminal gangs out of a web site now shut down in Russia.

"Use a different web browser"

"There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, the DHTML object model, MIME type determination, and ActiveX. It is possible to reduce exposure to these vulnerabilities by using a different web browser, especially when browsing untrusted sites. Such a decision may, however, reduce the functionality of sites that require IE-specific features such as DHTML, VBScript, and ActiveX. Note that using a different web browser will not remove IE from a Windows system, and other programs may invoke IE, the WebBrowser ActiveX control, or the HTML rendering engine (MSHTML)."

Ron.

Ronald D. Edge
Director of Information Systems
Indiana University Intercollegiate Athletics
edge () indiana edu
(812)855-9010
http://iuhoosiers.com
http://mainsleazespam.com

Corporate IT's reaction to spyware has been surprising: it's been largely swept under the rug. The problem is that you can't hide an elephant by sweeping it under the rug. It leaves quite a bulge.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html