Re: New IE flaw and exploit sites/migration to non-MS browser
- From: MacLeonard <macleonard@xxxxxxxxx>
- Date: Sun, 2 Apr 2006 13:19:36 +1000
Hi all,
On 3/31/06, Murad Talukdar <talukdar_m@xxxxxxxxxx> wrote:
Does anyone know if there is a public list available that has details of
sites which seek to exploit vulnerabilities in IE 6 etc? I read articles
where people say things like, "experts say that there are almost two hundred
websites which are exploiting the newly disclosed flaw...blah blah
(FUD?)..,"
I am not aware of any public lists containing these url's. But the
number of sites I have personally seen is quite large.
Where do these people get these numbers from and where do they get the info
on the malicious sites from too?
The numbers are often counts of unique url's seen from many different
sources: Spam filtering, Honeyclients, The greater community...
On a related note--how many people have initiated a move away from IE to<snip>
Firefox/Opera etc in a corporate environment,
Moving away? No. Providing an alternate browser as a backup? Sure.
Having *any* other user friendly browser (firefox, opera, lynx ;) )
can provide an additional layer of security to your operations.
Administrative overhead is of course the down-side to this equation -
though there are deployment/maintenance/methods that may work
depending on your configuration.
This approach works for me and my organisation, your mileage may vary.
due to the perception(is it
JUST a perception or reality based?) that IE is less secure/more prone to
exploits?
Is IE less secure? Hands up those who have performed a source code
vulnerability analysis of BOTH Firefox and IE, and compared the
resulting number of vulnerabilities in each...
I haven't, so I can't comment.
IE is the most commonly targeted web browser - but computer criminals
are browser agnostic, they'll take whatever you give them. Firefox
certainly isn't immune to vulnerabilities, and as Susan has pointed
out - Firefox extensions can do just as much damage if you allow them
indiscriminately
In reality computer criminals are just given more IE (at the moment)
and it is a simple business decision: Target the larger market - but
keep an eye on the developing markets for opportunities.
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Prev by Date: Re: New IE flaw and exploit sites/migration to non-MS browser
- Next by Date: RE: New IE flaw and exploit sites/migration to non-MS browser
- Previous by thread: Re: New IE flaw and exploit sites/migration to non-MS browser
- Next by thread: RE: New IE flaw and exploit sites/migration to non-MS browser
- Index(es):
Relevant Pages
|
