Educause Security Discussion mailing list archives

Re: Browser Plugin Check

From: Anthony Maszeroski <maszeroskia3 () SCRANTON EDU>
Date: Thu, 15 Oct 2009 08:33:32 -0400

Gary,

That sounds like a great idea to me -- something similar to the "Secure
Browsing" tab in Secunia PSI. I think the biggest challenge would be
finding someone with the resources necessary to keep the version library
up-to-date. I wonder if that would be something the collective user
community could handle...


Gary Flynn wrote:

Mozilla has put up a web site to check plugin versions on
Mozilla based browsers.

What would be nice is to have a site that is vendor agnostic
driven from a library of plugin/activex/extension version
checking scripts vetted and hosted on a trusted party's web
site. US-CERT? Educause? OWASP?

It would also be nice to be able to import those checks on
local sites so that a site could choose to warn visitors
of particularly risky code or refuse access to vulnerable,
unmaintained clients as policy dictates.

Sort of a WebNAC.

Workable idea?

<https://www-trunk.stage.mozilla.com/en-US/plugincheck/>


--
- Anthony Maszeroski, CCNA, CISSP
-----------------------------------
Information Security Manager
The University of Scranton
email : maszeroskia3 () scranton edu
phone : 570-941-4226
-----------------------------------

Current thread:

Browser Plugin Check Gary Flynn (Oct 13)
- <Possible follow-ups>
- Re: Browser Plugin Check Anthony Maszeroski (Oct 15)
- Re: Browser Plugin Check Flynn, Gerald (Oct 15)