[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] How big is the danger of IE?

To: eric@xxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxx
Subject: RE: [Full-Disclosure] How big is the danger of IE?
From: psz@xxxxxxxxxxxxxxxxx (Paul Szabo)
Date: Fri, 9 Jul 2004 09:11:02 +1000 (EST)

Eric Paynter <eric@xxxxxxxxxxxxxxx> wrote:

>> http://www.kb.cert.org/vuls/id/713878
> 
> The amazing part is that CERT, a vendor-neutral organization who usually
> only provides information about how to secure a product, who does not
> counsel on product choice, has made a recommendation to consider
> alternatives to IE. Have they ever made such a recommendation in the past?
> Certainly not that I'm aware of.

They have the (almost) exact same "drop IE" paragraph in

  http://www.kb.cert.org/vuls/id/413886
  http://www.kb.cert.org/vuls/id/784102

since February 2004. (There used to be an even stronger warning in
http://www.kb.cert.org/vuls/id/323070 but it was toned down after the 
release of MS04-013.)

I do not read that as advice on product choice, just a statement of the
technical inadequacy of IE.

Cheers,

Paul Szabo - psz@xxxxxxxxxxxxxxxxx  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: RE: [Full-Disclosure] How big is the danger of IE?
Next by Date: [Full-Disclosure] No shell => secure?
Previous by thread: RE: [Full-Disclosure] How big is the danger of IE?
Next by thread: RE: [Full-Disclosure] How big is the danger of IE?
Index(es):
- Date
- Thread