Home
Department of Homeland Security says Don't Use IE
Subscribe
Titus
Posts: 7745
  • Posted On: Jul 2 2004 7:30pm
The Department of Homeland Security's U.S. Computer Emergency Readiness Team touched off a storm this week when it recommended for security reasons using browsers other than Microsoft Corp.'s Internet Explorer.

The Microsoft browser, the government warned, cannot protect against vulnerabilities in its Internet Information Services (IIS) 5 server programs, which a team of hackers allegedly based in Russia has exploited with a Java script that is appended to Web sites.

The particular virus initiated this week inserts Java script into certain Web sites. When users visit those sites, it initiates pop-up ads on home and office computers, and allows keystroke analysis of user information. The target is believed to be credit card numbers. CERT estimated that as many as tens of thousands of Web sites may be affected.

CERT said vulnerabilities in IIS and IE could include MIME-type determination, the DHTML object model, the IE domain/zone security model and ActiveX scripts. Alternative browsers such as Mozilla or Netscape may not protect users, the agency warned, if those browsers invoke ActiveX control or HTML rendering engines.

The only defense may be completely disabling scripting and ActiveX controls.

Microsoft said earlier in the week it is working with law enforcement officials to identify the source of the latest Internet virus.


I hear that this has resulted in a dramatic spike in downloads of Mozilla and Firefox.
Theren Gevel
Posts: 2377
  • Posted On: Jul 2 2004 7:43pm
I hear that when I start doing what the fucking Department of Homeland Security tells me to do I will take my own goddamn life.

I will continue using IE in protest.
Omnae
Posts: 4195
  • Posted On: Jul 2 2004 8:06pm
lol lol.... Kas...

Mozilla's finally taking a page from the gun manufacturers of America..

Frighten the people into purchasing your product..




"I will give up my Internet Explorer when they pry my keyboard from my cold, dead hands!"





And the struggle continues....
Titus
Posts: 7745
  • Posted On: Jul 2 2004 8:09pm
Note that the DoHS didn't say what browser to use, they just said don't use IE.

There are quite a few browsers out there besides Mozilla and IE. Opera, for instance, Konquerer, if you use a Linux flavor with KDE, etc.
Titus
Posts: 7745
  • Posted On: Jul 3 2004 1:52pm
Here's an article on wired about the issue. Says there that "downloads of the browsers hit an all-time high on Thursday, from the usual 100,000 or so downloads on a normal day to more than 200,000."
Titus
Posts: 7745
  • Posted On: Jul 3 2004 2:01pm
CNN has one too.

For you bums who won't read it:
The respected research center was among security groups recommending other browsers as long as a key vulnerability in IE remained unfixed, leaving it capable of running malicious code that's been hidden at a number of popular Web sites.

It took a week for Microsoft to issue the update, which does not fix the flaw entirely but disables a hacker's ability to deliver malicious code with it. Ullrich said the update appeared to eliminate any immediate need to switch browsers, which can cause problems of its own.

The flaw had allowed a computer virus to spread through a new technique that converted popular Web sites into virus transmitters. That infection was designed to steal valuable information as Web users typed it into their computers -- passwords and the like.

And this week, researchers discovered another password-stealing program hidden behind pop-up ads. A repair for the flaw enabling that Trojan infection was issued in April, many users had yet to patch their systems.
Kamon Vondiranach
Posts: 2414
  • Posted On: Jul 3 2004 5:47pm
I got firefox a while ago. Works like a charm.