The W
Views: 99070637
Main | FAQ | Search: Y! / G | Calendar | Color chart | Log in for more!
20.9.14 1309
The W - Random - Department of Homeland Security suggests not using IE.
This thread has 1 referral leading to it
Register and log in to post!
Thread rated: 6.70
Pages: 1
(1271 newer) Next thread | Previous thread
User
Post (9 total)
SirBubNorm
Salami








Since: 2.1.02
From: Under the table

Since last post: 3560 days
Last activity: 3509 days
#1 Posted on | Instant Rating: 5.67
Kind of surprised not to see others note this after it's posting over at Slashdot

Here's the related news story at Yahoo News

These lines from the Yahoo News story confuse me a bit...


Alternative browsers such as Mozilla or Netscape may not protect users, the agency warned, if those browsers invoke ActiveX control or HTML rendering engines.


Maybe I'm being too picky with their wording, but... In order to display (render) HTML, don't you have to have an HTML Rendering engine? :)



It's a dog eat dog world and I'm wearing milkbone undershorts.
Promote this thread!
EddieBurkett
Boudin blanc








Since: 3.1.02
From: GA in person, NJ in heart

Since last post: 8 days
Last activity: 1 hour
#2 Posted on | Instant Rating: 7.20
Supposedly, Microsoft already has (or will be issueing soon) a fix for the IE vulnerability. Check Windows Update to see if its ready or not.

I thought the same thing about the "HTML rendering engines" line.

I've been wondering how hard I should force this issue with people I know. I don't want to freak them about using the internet, and I don't want to seem like a zealot forcing them to use Mozilla or something, but I don't want to see people get affected by this.

Edit: Yeah, the patch is out.

(edited by EddieBurkett on 3.7.04 1756)


You've gotta carry that weight...
Whitebacon
Boudin blanc








Since: 12.1.02
From: Fresno, CA

Since last post: 34 days
Last activity: 1 day
AIM:  
ICQ:  
#3 Posted on | Instant Rating: 6.28
I just got what looked to be a system message coming from Yahoo! that wanted me to take a survey. Bad?

(edited by Whitebacon on 3.7.04 1403)



(Not Bob Kohm)


In the context of baseball, the use of drugs hurts only the player. In the context of baseball, the use of alcohol hurts only the player. In the context of baseball, womanizing hurts whom? Maybe the wife of the player? In the context of baseball, felonies are crimes against society, not against baseball. In the context of baseball, gambling is the only crime against baseball.

Gambling, in the context of baseball, is a capital offense and Rose has richly earned-- hell, he agreed to-- his death sentence. Let him hang.

Bob Kohm, co-owner of Rotojunkies.com (rotojunkies.com) , and a large market kind of guy.
FriedEgg
Polska kielbasa








Since: 13.6.03
From: Washington, DC

Since last post: 2399 days
Last activity: 2399 days
#4 Posted on | Instant Rating: 7.98
The "patch" isn't really a patch as much as it is a workaround. They've disabled the vulnerable piece of code without actually fixing it, potentially breaking any legitimate uses of it.



wrestlingDB: Wrestling news for busy/lazy people.
#wrestlingdb on EFNet (irc) - Chat, or just idle and see news headlines as they happen.
SirBubNorm
Salami








Since: 2.1.02
From: Under the table

Since last post: 3560 days
Last activity: 3509 days
#5 Posted on | Instant Rating: 5.67
    Originally posted by EddieBurkett
    Supposedly, Microsoft already has (or will be issueing soon) a fix for the IE vulnerability. Check Windows Update to see if its ready or not.

    I thought the same thing about the "HTML rendering engines" line.

    I've been wondering how hard I should force this issue with people I know. I don't want to freak them about using the internet, and I don't want to seem like a zealot forcing them to use Mozilla or something, but I don't want to see people get affected by this.

    Edit: Yeah, the patch is out.

    (edited by EddieBurkett on 3.7.04 1756)



That's actually why I was excited to see this story. "Geeks" have known for a while (long time) that IE sucks from a security perspective. However try to convince a user that only checks their e-mail and visits one or two sites of that. They don't do enough work on their computer for it to be perceived to be worth their bother to "learn" something new. Throw in the people who *are* no matter what going to think you're a zealot because you say it's not safe and well... So to see someone "bigger" (say what you will about the Dept. Of Homeland Security) than you, who may get the attention of the people who were ignoring you before, well that's a good thing.



It's a dog eat dog world and I'm wearing milkbone undershorts.
drjayphd
Scrapple
Moderator








Since: 22.4.02
From: Long Island

Since last post: 7 days
Last activity: 5 days
AIM:  
ICQ:  
Y!:
#6 Posted on | Instant Rating: 6.62
You wanted the best, you got... Out of Context Quote of the Week.

"I will blow your ass out." (drjayphd)


However try to convince a user that only checks their e-mail and visits one or two sites of that. They don't do enough work on their computer for it to be perceived to be worth their bother to "learn" something new.

Oh, I think they'll pay attention to security once their comp starts randomly shutting down once they get online. I got to the point with my father that I just went to Windows Update and did all the patches myself because he never bothered to, but I told him to do that on a semi-regular basis and he's been good since then (Zone Alarm annoyance notwithstanding). Once it affects them, they'll do their due diligence.



DEAN's Nuggets of Wisdom:

"I don't want him to die. I just want him to NEED my PEE." (as seen here)
SirBubNorm
Salami








Since: 2.1.02
From: Under the table

Since last post: 3560 days
Last activity: 3509 days
#7 Posted on | Instant Rating: 5.67
That's what I would think to, but honestly some won't. They'll be less enthused than normal about visiting stuff on the computer, but they'll assume they're doing something wrong or it's just the computer being flakey, rather than something malicious.

And that's only if they get "infected" by something that decides to restart their machine.

Anyways it's all rather moot because I would prefer to help people figure it out before they become a relay station for the latest virus. :)



It's a dog eat dog world and I'm wearing milkbone undershorts.
EddieBurkett
Boudin blanc








Since: 3.1.02
From: GA in person, NJ in heart

Since last post: 8 days
Last activity: 1 hour
#8 Posted on | Instant Rating: 7.20
    Originally posted by drjayphd
    >Oh, I think they'll pay attention to security once their comp starts randomly shutting down once they get online.


My understanding though is that the exploit in question doesn't shut their computer down. It just silently logs their keystrokes. So from the end user perspective, they won't know they've been affected.

    Originally posted by FriedEgg
    The "patch" isn't really a patch as much as it is a workaround. They've disabled the vulnerable piece of code without actually fixing it, potentially breaking any legitimate uses of it.


I read a while ago that because Microsoft doesn't release the source code, developers have a hard time knowing when a "function" of windows is a feature or a bug. Microsoft provides documentation as to the API, but developers tend to ignore that when a *shortcut* works. So the problem is that when MS goes to fix a problem, lots of "legitimate" software breaks. Its one of the reasons Windows is as exploit-ridden as it is; they are so concerned about breaking any popular third party apps (and thus losing people who would otherwise upgrade) that they haven't been able to completely implement security as needed. Supposedly though, that's all out the window with SP2, as they are finally putting security ahead of all else, non-MS software be damned. Maybe this is the first step, just cutting that out entirely instead of trying to fix it. (Then again, given the relatively short time frame, maybe they can't fix it. With something like this, better to get something out there than appear to be sitting on your ass.)





You've gotta carry that weight...
FriedEgg
Polska kielbasa








Since: 13.6.03
From: Washington, DC

Since last post: 2399 days
Last activity: 2399 days
#9 Posted on | Instant Rating: 7.98
    Originally posted by EddieBurkett
    So the problem is that when MS goes to fix a problem, lots of "legitimate" software breaks. Its one of the reasons Windows is as exploit-ridden as it is; they are so concerned about breaking any popular third party apps (and thus losing people who would otherwise upgrade) that they haven't been able to completely implement security as needed.


But that's not what happened here. They didn't fix it and break things, they disabled it and broke things. It'd be as if they disabled Internet Explorer to prevent vulnerabilities rather than actually fix them. Hey... maybe that's not such a bad idea.



wrestlingDB: Wrestling news for busy/lazy people.
#wrestlingdb on EFNet (irc) - Chat, or just idle and see news headlines as they happen.
Thread rated: 6.70
Pages: 1
Thread ahead: The Change Bandit Strikes Again
Next thread: Creativity
Previous thread: Sex with teacher
(1271 newer) Next thread | Previous thread
Dang...that kind of gives a whole meaning to the "You Got Served!" taunt doesn't it?
The W - Random - Department of Homeland Security suggests not using IE.Register and log in to post!

The W™ message board

ZimBoard
©2001-2014 Brothers Zim

This old hunk of junk rendered your page in 0.148 seconds.