Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
Sign in to follow this  
SyntherAugustus

Even HomeLan feds/US-CERT hate Internet Explorer.

Recommended Posts

July 01, 2004

U.S. Steers Consumers Away From IE Browsers

By Loring Wirbel, EE Times
COLORADO SPRINGS, Colo. " The Department of Homeland Security's U.S. Computer Emergency Readiness Team touched off a storm this week when it recommended for security reasons using browsers other than Microsoft Corp.'s Internet Explorer.
The Microsoft browser, the government warned, cannot protect against vulnerabilities in its Internet Information Services (IIS) 5 server programs, which a team of hackers allegedly based in Russia has exploited with a Java script that is appended to Web sites.

The particular virus initiated this week inserts Java script into certain Web sites. When users visit those sites, it initiates pop-up ads on home and office computers, and allows keystroke analysis of user information. The target is believed to be credit card numbers. CERT estimated that as many as tens of thousands of Web sites may be affected.


CERT said vulnerabilities in IIS and IE could include MIME- type determination, the DHTML object model, the IE domain/zone security model and ActiveX scripts. Alternative browsers such as Mozilla or Netscape may not protect users, the agency warned, if those browsers invoke ActiveX control or HTML rendering engines.

The only defense may be completely disabling scripting and ActiveX controls.

Microsoft said earlier in the week it is working with law enforcement officials to identify the source of the latest Internet virus.


Heh.

Me <3 Mozilla


edit: Source of the issue can be found here. The quote above is from another article related to the issue.
http://enterprise-security-today.newsfactor.com/story.xhtml?story_title=Feds-Warn-Against-Microsoft-s-Browser&story_id=25695&category=winsecurity

Share this post


Link to post

Alternative browsers such as Mozilla or Netscape may not protect users, the agency warned, if those browsers invoke ActiveX control or HTML rendering engines.

So... Mozilla is safe as long as I don't use its HTML rendering engine. How useful.

Share this post


Link to post

reminds me of the situation at work. people checking web mail and blogs infected a number of computers. 1 girl was fired for checking out lesbian and bondage forums, yes the one who kept asking me to put hooks in my back. it is belived she was one of those responsible for this.

the computers have internet disabled, but there is a simple way around that.

Share this post


Link to post

Dept. of Homeland Security's wireless connections are insecure! *Gasp*

http://www.informationweek.com/story/showArticle.jhtml?articleID=22103346
The Department of Homeland Security's Office of Inspector General contends the department has failed to establish adequate security controls over its wireless network. "Although the DHS security policy requires certification and accreditation for its systems to operate, none of the wireless systems reviewed had been certified or accredited," the 42-page report says. "As a result of these wireless network exposures, DHS cannot ensure that the sensitive information processed by its wireless systems are effectively protected from unauthorized accesses and potential misuse."

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
×