Re: [Full-Disclosure] IE Web Browser: "Sitting Duck"

From: Georgi Guninski (guninski_at_guninski.com)
Date: 06/30/04

    To: "Edge, Ronald D" <edge@indiana.edu>
    Date: Wed, 30 Jun 2004 12:46:13 +0300
    
    

    since CERT are "federally funded" does their advice mean it is "un-American"
    to use internet explorer?

    georgi

    On Tue, Jun 29, 2004 at 09:25:32AM -0500, Edge, Ronald D wrote:
    > Even CERT has issued an advisory that is really quite amazing in its
    > bluntness:
    > http://www.kb.cert.org/vuls/id/713878
    > which was last updated June 25, 2004 in the wake of the download.ject
    > attack by what appears to have been Russian criminal gangs out of a web
    > site now shut down in Russia.
    >
    > "Use a different web browser"
    > "There are a number of significant vulnerabilities in technologies
    > relating to the IE domain/zone security model, the DHTML object model,
    > MIME type determination, and ActiveX. It is possible to reduce exposure
    > to these vulnerabilities by using a different web browser, especially
    > when browsing untrusted sites. Such a decision may, however, reduce the
    > functionality of sites that require IE-specific features such as DHTML,
    > VBScript, and ActiveX. Note that using a different web browser will not
    > remove IE from a Windows system, and other programs may invoke IE, the
    > WebBrowser ActiveX control, or the HTML rendering engine (MSHTML). "
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

