CERT Advisory

[John Coutts]

People are finally starting to get the message that Internet Explorer is not
safe to use (something I have saying for years), and Microsoft stock prices
are reflecting it.

http://story.news.yahoo.com/news?tmpl=story&cid=74&e=3&u=/cmp/20040702/tc_cmp/2
2103407

CERT issused an advisory on June 11, 2004 about a cross domain vulnerability,
and Microsoft got around to plugging one of the holes on July 2, 2004. In
actual fact, both Mozilla and IE suffer from this vulnerability, but since
Mozilla doesn't support ActiveX there is not much can be done with it. As long
as your IE has ActiveX and Active Scripting enabled, you are vulnerable, and
the number of compromised IIS Web sites is reportedly quite large!

J.A. Coutts

 

[Sir_George]

John,

Well it appears that your observation about the vulnerability of MS Internet
Explorer was on the "cutting edge." Perhaps, if you haven't already
considered it, computer security should be a consideration as a career path.

I doubt that very few people ever dreamed that the premier and most popular
browser would ever be the target of attacks that would expose its
vulnerability.

 

[Buffalo]

People are finally starting to get the message that Internet Explorer is not
safe to use (something I have saying for years), and Microsoft stock prices
are reflecting it.

Well, just goodie for you.
Get a life.

 

[David Qunt]

John,

Well it appears that your observation about the vulnerability of MS
Internet Explorer was on the "cutting edge." Perhaps, if you haven't
already considered it, computer security should be a consideration as
a career path.

I doubt that very few people ever dreamed that the premier and most
popular browser would ever be the target of attacks that would expose
its vulnerability.

He was reporting on a bulleti from CERT. Very little of what he said was
his own editorialising. Your sarcasm is therefore puzzling.

It doesn't matter that IE is 'attackled' more because it is 'more popular',
as you seem to suggest. It is attacked because there are vulnerabilities in
it, and scope to wreak havoc. Most other browsers simply don't have those
vulnerabilities, because they don't allow nonsense like ActixeX.

The fact remains that the MS browser is full of holes and peoople are best
advised using an alternative. That fact has been fairly well-known for
years, and it seems from the tone of your post that you are annoyed because
the CERT bulletin now makes that official.

--
*********************************

David Qunt

****************************************************

 

[Sir_George]

Dave,

This is what John said;

"People are finally starting to get the message that Internet Explorer is
not
safe to use (something I have saying for years), and Microsoft stock prices
are reflecting it."

John made it an issue that he was aware of this pending vulnerability in IE
years ago and his reference to the article was merely a supporting piece of
information to prove how right he was in identifying it way back then.
Additionally he implies that pc users are not all that bright with his
statement "People are finally starting to get the message."

John appears to be, from my point of view, a tad boastful and condescending,
thus my reply to his post.

--
Sir_George
For better access to newsgroups;
http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp

 

[-nobody-]

your sig link does not work

 

[Sir_George]

-nobody-,

Thanks for the notification. I hadn't tried the link for quite some time.

 

[David Qunt]

Dave,

This is what John said;

"People are finally starting to get the message that Internet Explorer
is not
safe to use (something I have saying for years), and Microsoft stock
prices are reflecting it."

John made it an issue that he was aware of this pending vulnerability
in IE years ago and his reference to the article was merely a
supporting piece of information to prove how right he was in
identifying it way back then. Additionally he implies that pc users
are not all that bright with his statement "People are finally
starting to get the message."

John appears to be, from my point of view, a tad boastful and
condescending, thus my reply to his post.

OK, fair enough.

I'm not bothered about his tone, since his underlying point, ie that CERT
have said that IE is an unsafe browser and advocate switching to something
else, is a valid one.

--
*********************************

David Qunt

****************************************************