Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > U.S. Homeland Security: Do Not Use IE!

Reply
Thread Tools

U.S. Homeland Security: Do Not Use IE!

 
 
Tech
Guest
Posts: n/a
 
      07-13-2004
By Loring Wirbel, EE Times

The Department of Homeland Security's U.S. Computer Emergency Readiness
Team touched off a storm this week when it recommended for security reasons
using browsers other than Microsoft Corp.'s Internet Explorer.

The Microsoft browser, the government warned, cannot protect against
vulnerabilities in its Internet Information Services (IIS) 5 server
programs, which a team of hackers allegedly based in Russia has exploited
with a Java script that is appended to Web sites.

The particular virus initiated this week inserts Java script into certain
Web sites. When users visit those sites, it initiates pop-up ads on home
and office computers, and allows keystroke analysis of user information.
The target is believed to be credit card numbers. CERT estimated that as
many as tens of thousands of Web sites may be affected.

CERT said vulnerabilities in IIS and IE could include MIME-type
determination, the DHTML object model, the IE domain/zone security model
and ActiveX scripts. Alternative browsers such as Mozilla or Netscape may
not protect users, the agency warned, if those browsers invoke ActiveX
control or HTML rendering engines.


http://story.news.yahoo.com/news?tmp...c_cmp/22103407


--
__
 
Reply With Quote
 
 
 
 
Duane Arnold
Guest
Posts: n/a
 
      07-14-2004
OK, Mrs. Walter Cronkite will do. <g>

Duane


 
Reply With Quote
 
 
 
 
Dodo
Guest
Posts: n/a
 
      07-14-2004
I suppose you believe everything you read. If US-CERT did issue said
recommendation then they're also doing a hell of a job of hiding it. I can't
find anything on the US-CERT website remotely resembling Yahoo's assertion.


 
Reply With Quote
 
Tech
Guest
Posts: n/a
 
      07-14-2004
Dodo wrote:

> I suppose you believe everything you read. If US-CERT did issue said
> recommendation then they're also doing a hell of a job of hiding it. I
> can't find anything on the US-CERT website remotely resembling Yahoo's
> assertion.


You are right, my own search at CERT found only 215 results.


57% CERT Advisory CA-2000-16 Microsoft 'IE Script'/Access/OBJECT Tag
Vulnerability
56% Microsoft Corporation Information for VU#980499
55% US-CERT Vulnerability Note VU#326412
51% US-CERT Technical Cyber Security Alert TA04-033A -- Multiple
Vulnerabilities in Microsoft ...
51% US-CERT Vulnerability Note VU#980499
51% CERT Advisory CA-2001-06 Automatic Execution of Embedded MIME Types
51% US-CERT Vulnerability Note VU#771604
51% US-CERT Vulnerability Note VU#652452
51% US-CERT Vulnerability Note VU#27857
51% US-CERT Vulnerability Note VU#784102
50% US-CERT Vulnerability Note VU#713878
50% US-CERT Technical Cyber Security Alert TA04-184A -- Internet Explorer
Update to Disable ...
50% CERT Advisory CA-2003-14 Buffer Overflow in Microsoft Windows HTML
Conversion Library
50% US-CERT Vulnerability Note VU#823260
50% US-CERT Cyber Security Alert SA04-184A -- Important Internet Explorer
Update Available
50% CERT Advisory CA-2003-22 Multiple Vulnerabilities in Microsoft
Internet Explorer
50% US-CERT Vulnerability Note VU#323070
50% US-CERT Vulnerability Note VU#865940
50% US-CERT Vulnerability Note VU#413886
50% US-CERT Vulnerability Note VU#12746
50% US-CERT Vulnerability Note VU#652278
49% US-CERT Vulnerability Note VU#728563
49% US-CERT Technical Cyber Security Alert TA04-163A -- Cross-Domain
Redirect Vulnerability in ...
48% US-CERT Current Activity
48% US-CERT Vulnerability Note VU#205148
48% CERT Advisory CA-2003-18 Integer Overflows in Microsoft Windows DirectX
MIDI Library
48% US-CERT Vulnerability Note VU#711843
48% US-CERT Vulnerability Note VU#251788
47% US-CERT Vulnerability Note VU#22482
45% US-CERT Cyber Security Alert SA04-033A -- Multiple Vulnerabilities in
Microsoft Internet ...
45% US-CERT Vulnerability Note VU#561284
45% activeX report
45% US-CERT Vulnerability Note VU#265232
45% US-CERT Vulnerability Note VU#334928
45% Microsoft Information for VU#952611
45% US-CERT Vulnerability Note VU#149424
45% US-CERT Vulnerability Note VU#400577

(...)

--
__
 
Reply With Quote
 
Dodo
Guest
Posts: n/a
 
      07-14-2004
....and not a single one advocating the use of alternative browsers.


 
Reply With Quote
 
DC
Guest
Posts: n/a
 
      07-14-2004
Dodo wrote:
> ...and not a single one advocating the use of alternative browsers.


Who are you talking to?

What are you talking about?

http://home.online.no/~shughes/a57998/quote.html#001a
http://www.netmeister.org/news/learn2quote.html
http://www.greenend.org.uk/rjk/2000/06/14/quoting.html

http://www.holgermetzger.de/netscape/usenet.html
http://www.uwasa.fi/~ts/http/tsfaq.html
http://vancouver-webpages.com/nnq/nnqlinks.html

--
DC Linux RU #1000111011000111001

Why I love Open Source: http://support.microsoft.com/?kbid=111601
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Capella University receives accreditation from the NSA and theDepartment of Homeland Security Capella Computer Security 0 02-03-2009 04:08 PM
Homeland Security Training World Institute Computer Security 0 03-05-2007 03:34 AM
Homeland Security Agency recommends abandoning IE dotnetforfood ASP .Net 3 07-04-2004 07:03 PM
REVIEW: "The Myth of Homeland Security", Marcus J. Ranum Rob Slade, doting grandpa of Ryan and Trevor Computer Security 0 01-23-2004 07:03 PM



Advertisments