U.S. Homeland Security: Do Not Use IE!

Discussion in 'Computer Support' started by Tech, Jul 14, 2004.

  1. Tech

    Tech Guest

    By Loring Wirbel, EE Times

    The Department of Homeland Security's U.S. Computer Emergency Readiness
    Team touched off a storm this week when it recommended for security reasons
    using browsers other than Microsoft Corp.'s Internet Explorer.

    The Microsoft browser, the government warned, cannot protect against
    vulnerabilities in its Internet Information Services (IIS) 5 server
    programs, which a team of hackers allegedly based in Russia has exploited
    with a Java script that is appended to Web sites.

    The particular virus initiated this week inserts Java script into certain
    Web sites. When users visit those sites, it initiates pop-up ads on home
    and office computers, and allows keystroke analysis of user information.
    The target is believed to be credit card numbers. CERT estimated that as
    many as tens of thousands of Web sites may be affected.

    CERT said vulnerabilities in IIS and IE could include MIME-type
    determination, the DHTML object model, the IE domain/zone security model
    and ActiveX scripts. Alternative browsers such as Mozilla or Netscape may
    not protect users, the agency warned, if those browsers invoke ActiveX
    control or HTML rendering engines.


    http://story.news.yahoo.com/news?tmpl=story&cid=74&e=3&u=/cmp/20040702/tc_cmp/22103407


    --
    __
    Tech, Jul 14, 2004
    #1
    1. Advertising

  2. Tech

    Duane Arnold Guest

    OK, Mrs. Walter Cronkite will do. <g>

    Duane :)
    Duane Arnold, Jul 14, 2004
    #2
    1. Advertising

  3. Tech

    Dodo Guest

    I suppose you believe everything you read. If US-CERT did issue said
    recommendation then they're also doing a hell of a job of hiding it. I can't
    find anything on the US-CERT website remotely resembling Yahoo's assertion.
    Dodo, Jul 14, 2004
    #3
  4. Tech

    Tech Guest

    Dodo wrote:

    > I suppose you believe everything you read. If US-CERT did issue said
    > recommendation then they're also doing a hell of a job of hiding it. I
    > can't find anything on the US-CERT website remotely resembling Yahoo's
    > assertion.


    You are right, my own search at CERT found only 215 results.


    57% CERT Advisory CA-2000-16 Microsoft 'IE Script'/Access/OBJECT Tag
    Vulnerability
    56% Microsoft Corporation Information for VU#980499
    55% US-CERT Vulnerability Note VU#326412
    51% US-CERT Technical Cyber Security Alert TA04-033A -- Multiple
    Vulnerabilities in Microsoft ...
    51% US-CERT Vulnerability Note VU#980499
    51% CERT Advisory CA-2001-06 Automatic Execution of Embedded MIME Types
    51% US-CERT Vulnerability Note VU#771604
    51% US-CERT Vulnerability Note VU#652452
    51% US-CERT Vulnerability Note VU#27857
    51% US-CERT Vulnerability Note VU#784102
    50% US-CERT Vulnerability Note VU#713878
    50% US-CERT Technical Cyber Security Alert TA04-184A -- Internet Explorer
    Update to Disable ...
    50% CERT Advisory CA-2003-14 Buffer Overflow in Microsoft Windows HTML
    Conversion Library
    50% US-CERT Vulnerability Note VU#823260
    50% US-CERT Cyber Security Alert SA04-184A -- Important Internet Explorer
    Update Available
    50% CERT Advisory CA-2003-22 Multiple Vulnerabilities in Microsoft
    Internet Explorer
    50% US-CERT Vulnerability Note VU#323070
    50% US-CERT Vulnerability Note VU#865940
    50% US-CERT Vulnerability Note VU#413886
    50% US-CERT Vulnerability Note VU#12746
    50% US-CERT Vulnerability Note VU#652278
    49% US-CERT Vulnerability Note VU#728563
    49% US-CERT Technical Cyber Security Alert TA04-163A -- Cross-Domain
    Redirect Vulnerability in ...
    48% US-CERT Current Activity
    48% US-CERT Vulnerability Note VU#205148
    48% CERT Advisory CA-2003-18 Integer Overflows in Microsoft Windows DirectX
    MIDI Library
    48% US-CERT Vulnerability Note VU#711843
    48% US-CERT Vulnerability Note VU#251788
    47% US-CERT Vulnerability Note VU#22482
    45% US-CERT Cyber Security Alert SA04-033A -- Multiple Vulnerabilities in
    Microsoft Internet ...
    45% US-CERT Vulnerability Note VU#561284
    45% activeX report
    45% US-CERT Vulnerability Note VU#265232
    45% US-CERT Vulnerability Note VU#334928
    45% Microsoft Information for VU#952611
    45% US-CERT Vulnerability Note VU#149424
    45% US-CERT Vulnerability Note VU#400577

    (...)

    --
    __
    Tech, Jul 14, 2004
    #4
  5. Tech

    Dodo Guest

    ....and not a single one advocating the use of alternative browsers.
    Dodo, Jul 14, 2004
    #5
  6. Tech

    DC Guest

    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. COMSOLIT Messmer

    IT-Security, Security, e-security

    COMSOLIT Messmer, Sep 5, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    595
    COMSOLIT Messmer
    Sep 5, 2003
  2. Rob Slade, doting grandpa of Ryan and Trevor

    REVIEW: "The Myth of Homeland Security", Marcus J. Ranum

    Rob Slade, doting grandpa of Ryan and Trevor, Jan 23, 2004, in forum: Computer Security
    Replies:
    0
    Views:
    517
    Rob Slade, doting grandpa of Ryan and Trevor
    Jan 23, 2004
  3. World Institute

    Homeland Security Training

    World Institute, Mar 5, 2007, in forum: Computer Security
    Replies:
    0
    Views:
    474
    World Institute
    Mar 5, 2007
  4. Capella
    Replies:
    0
    Views:
    553
    Capella
    Feb 3, 2009
  5. RichA

    Department of Homeland Insecurity

    RichA, Oct 25, 2011, in forum: Digital Photography
    Replies:
    3
    Views:
    191
    (PeteCresswell)
    Oct 28, 2011
Loading...

Share This Page