Re: IE Web Browser: "Sitting Duck"

[Georgi Guninski <guninski () guninski com>]

since CERT are "federally funded" does their advise mean it is "un-American"
to use internet explorer?

georgi

On Tue, Jun 29, 2004 at 09:25:32AM -0500, Edge, Ronald D wrote:
> Even CERT has issued an advisory that is really quite amazing in its
> bluntness:
>       http://www.kb.cert.org/vuls/id/713878
> which was last updated June 25, 2004 in the wake of the download.ject
> attack by what appears to have been Russian criminal gangs out of a web
> site now shut down in Russia.
>
> "Use a different web browser"
> "There are a number of significant vulnerabilities in technologies
> relating to the IE domain/zone security model, the DHTML object model,
> MIME type determination, and ActiveX. It is possible to reduce exposure
> to these vulnerabilities by using a different web browser, especially
> when browsing untrusted sites. Such a decision may, however, reduce the
> functionality of sites that require IE-specific features such as DHTML,
> VBScript, and ActiveX. Note that using a different web browser will not
> remove IE from a Windows system, and other programs may invoke IE, the
> WebBrowser ActiveX control, or the HTML rendering engine (MSHTML). "

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html