U.S. warns against Microsoft Internet Explorer
It isn't some paranoid privacy group this time. It is the US goverment in the form of The Department of Homeland Security is asking us us not to use Microsoft Internet Explorer.
The Department of Homeland Security's U.S. Computer Emergency Readiness Team touched off a storm this week when it recommended for security reasons using browsers other than Microsoft Corp.'s Internet Explorer.
The Microsoft browser, the government warned, cannot protect against vulnerabilities in its Internet Information Services (IIS) 5 server programs, which a team of hackers allegedly based in Russia has exploited with a Java script that is appended to Web sites.
The real security issue here is in Microsoft Server. If I read this correctly using Microsoft Server is not only dangerous, but unpatriotic.
The particular virus initiated this week inserts Java script into certain Web sites. When users visit those sites, it initiates pop-up ads on home and office computers, and allows keystroke analysis of user information. The target is believed to be credit card numbers. CERT estimated that as many as tens of thousands of Web sites may be affected.
CERT said vulnerabilities in IIS and IE could include MIME-type determination, the DHTML object model, the IE domain/zone security model and ActiveX scripts. Alternative browsers such as Mozilla or Netscape may not protect users, the agency warned, if those browsers invoke ActiveX control or HTML rendering engines.
The only defense may be completely disabling scripting and ActiveX controls.
Microsoft said earlier in the week it is working with law enforcement officials to identify the source of the latest Internet virus.
Note that Microsoft has not said anything about working on tightening up their software to prevent this sort of thing from happening.
posted by Liberty @ 7:04 AM
0 Comments:
Post a Comment
Links to this post:
Create a Link
<< Home >>