ie6 - yet another serious exploit
From: Nirwana Nirwana (nirwanaaa_at_HOTMAIL.COM)
Date: 06/08/04
Date: Mon, 7 Jun 2004 23:04:02 +0000
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
A short ie6 comment from someone at the coalface:
Those of you that regularly read the c't security news
(http://www.heise.de/security/, article
http://www.heise.de/security/news/meldung/48016) may already have looked
into this 'full disclosure' report at http://62.131.86.111/analysis.htm.
This certainly adds new quality to the many existing vulnerabilities in ie6
and confirms once again to me that ie6 simply cannot be trusted for internet
use. It also gives (IMHO) the earlier statement by Russ that ie6 patching is
more or less pointless a new meaning: it is a hopeless task and hence a
waste of your time (patch it anyway for peace of mind if you wish).
In our company everyone uses Mozilla as their default browser and we have
banned the use of Internet Explorer - some explaining of the "why" and
help migrating the bookmarks has resulted in strong support by all(!)
employees for Mozilla within a few weeks. We also got a lot of requests from
our employees for advice on how to get Mozilla working on their home PCs! Add a
prefbar and an AddBlocker plugin and they never want to go back to ie!
We use Win2k as our workhorse and have also physically removed all
instances of Outlook and Outlook Express (e.g. c't script
http://www.heise.de/ct/ftp/result.xhtml?url=/ct/ftp/01/21/162/default.shtml&words=Outlook%20entfernen)
and use Mozilla Mail with Enigmail in combination with a professional
antivirus server/client solution. Add firewalls and system hardening and you
have at least some basic defenses in place. This has been working very
stably and reliably for us and saves a lot of time when it comes to patching
ie6 and Outlook & Co.
Cheers,
Nir
CSO
-----
NTBugtraq Editor's Note:
Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
-----