{"id":279,"date":"2004-07-02T15:05:00","date_gmt":"2004-07-02T15:05:00","guid":{"rendered":"http:\/\/adam.rosi-kessel.org\/weblog\/security\/insecure_ie.html"},"modified":"-0001-11-30T00:00:00","modified_gmt":"1970-01-01T05:00:00","slug":"insecure_ie","status":"publish","type":"post","link":"http:\/\/adam.rosi-kessel.org\/weblog\/2004\/07\/02\/insecure_ie","title":{"rendered":"IE Homeland Insecurity"},"content":{"rendered":"

From the “for those of you who don’t regularly read slashdot<\/a> department”: I’m usually pretty skeptical of the Department of Homeland Security<\/a>; I think it’s a pretty bad solution to the threat presented (see, e.g., Bruce Schneier’s<\/a> comments on the subject<\/a>), but I have to agree with them this time. The agency has issued a recommendation<\/a> that users stop using Microsoft’s Internet Explorer and pick an alternative web browser. Wired Magazine<\/a> reports that upgrades of the free software browser<\/a> Mozilla<\/a> have spiked sharply following the announcement<\/a>. <\/p>\n

The only reference I could find to the issue on the DHS website<\/a> (which is not, incidentally, served by Microsoft software) was the following bit from this report<\/a>: <\/p>\n

\n

Handling Dependencies<\/h3>\n

A coordinator may be required to conduct significant research into software, hardware, and firmware dependencies in order to provide complete and correct advice. <\/p>\n

Rationale<\/em>: Vulnerabilities are often discovered in software components on which other software relies. For example, a shared library may be used by dozens or hundreds of products. For instance, vulnerabilities in Microsoft’s Internet Explorer often affect other products (including products by third-party vendors) in ways that aren’t obvious to end users. Examples of products that are sometimes affected by Internet Explorer vulnerabilities include Lotus Notes, Eudora, and Microsoft Outlook. Furthermore, these dependencies are not typically recorded. <\/p>\n<\/blockquote>\n

Presumably something more on-topic will be posted soon. There is also this warning<\/a> from CERT (the United States Computer Emergency Readiness Team). <\/p>\n","protected":false},"excerpt":{"rendered":"

From the “for those of you who don’t regularly read slashdot department”: I’m usually pretty skeptical of the Department of Homeland Security; I think it’s a pretty bad solution to the threat presented (see, e.g., Bruce Schneier’s comments on the subject), but I have to agree with them this time. The agency has issued a […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[],"_links":{"self":[{"href":"http:\/\/adam.rosi-kessel.org\/weblog\/wp-json\/wp\/v2\/posts\/279"}],"collection":[{"href":"http:\/\/adam.rosi-kessel.org\/weblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/adam.rosi-kessel.org\/weblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/adam.rosi-kessel.org\/weblog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/adam.rosi-kessel.org\/weblog\/wp-json\/wp\/v2\/comments?post=279"}],"version-history":[{"count":0,"href":"http:\/\/adam.rosi-kessel.org\/weblog\/wp-json\/wp\/v2\/posts\/279\/revisions"}],"wp:attachment":[{"href":"http:\/\/adam.rosi-kessel.org\/weblog\/wp-json\/wp\/v2\/media?parent=279"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/adam.rosi-kessel.org\/weblog\/wp-json\/wp\/v2\/categories?post=279"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/adam.rosi-kessel.org\/weblog\/wp-json\/wp\/v2\/tags?post=279"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}