Why people should stop using IE

http://www.itworld.com/security/93253/who-cares-if-ie-patched-soon

Because Microsoft only patches bugs which:

- are publicly known
- for which working exploit code exists
- is being exploited on a massive scale
- people start to jump ship towards other browsers

Most importantly: Microsoft IGNORES all other bugs and security 
exploits if they are used on a 'limited' scale. For most bugs they'll 
tell you to switch to a new, safer Windows (please buy a new computer 
too) and install a newer version of IE.

There are more than likely hundreds of potential security bugs in IE 
which aren't patched and which hackers may or may not know about. Large 
U.S. companies and defense contractors are learning that they are 
beseiged by hackers almost on a daily basis using zero day holes in 
both IE and Adobe Acrobat Reader and Flash software. I suspect that the 
hackers (the Chinese government) are using these zero day holes 
aparingly opting for massive simultaneours breakins before the holes 
are patched. That's why we see waves and waves of attacks targetting 
U.S. multinationals and defense contractors.

The bottom line is: Windows and Internet Explorer simply can't be 
trusted anymore and the U.S. government should publicly advise that 
people need to move towards Linux and Firefox. I suspect that this will 
happen this year (in 2010).

0
Non
1/20/2010 9:58:38 PM
comp.os.linux.advocacy 120655 articles. 14 followers. Post Follow

3 Replies
204 Views

Similar Articles

[PageSpeed] 20
Non scrivetemi pulled this Usenet boner:

> http://www.itworld.com/security/93253/who-cares-if-ie-patched-soon
>
> The bottom line is: Windows and Internet Explorer simply can't be 
> trusted anymore and the U.S. government should publicly advise that 
> people need to move towards Linux and Firefox. I suspect that this will 
> happen this year (in 2010).

It already happened (in 2004):

   http://www.internetnews.com/security/article.php/3374931

   US-CERT: Beware of IE

   The U.S. government's cybersecurity unit recommends ditching Internet
   Explorer in favor of other, safer browsers.

   June 29, 2004

-- 
You get along very well with everyone except animals and people.
0
Chris
1/20/2010 11:01:01 PM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

____/ Non scrivetemi on Wednesday 20 Jan 2010 21:58 : \____

> http://www.itworld.com/security/93253/who-cares-if-ie-patched-soon
> 
> Because Microsoft only patches bugs which:
> 
> - are publicly known
> - for which working exploit code exists
> - is being exploited on a massive scale
> - people start to jump ship towards other browsers
> 
> Most importantly: Microsoft IGNORES all other bugs and security
> exploits if they are used on a 'limited' scale. For most bugs they'll
> tell you to switch to a new, safer Windows (please buy a new computer
> too) and install a newer version of IE.
> 
> There are more than likely hundreds of potential security bugs in IE
> which aren't patched and which hackers may or may not know about. Large
> U.S. companies and defense contractors are learning that they are
> beseiged by hackers almost on a daily basis using zero day holes in
> both IE and Adobe Acrobat Reader and Flash software. I suspect that the
> hackers (the Chinese government) are using these zero day holes
> aparingly opting for massive simultaneours breakins before the holes
> are patched. That's why we see waves and waves of attacks targetting
> U.S. multinationals and defense contractors.
> 
> The bottom line is: Windows and Internet Explorer simply can't be
> trusted anymore and the U.S. government should publicly advise that
> people need to move towards Linux and Firefox. I suspect that this will
> happen this year (in 2010).

Microsoft was also caught patching security bugs secretly (no disclosure and no
access to code).

The numbers they give are bunk.

- -- 
		~~ Best of wishes

Steve Ballmer is even monkier than his moniker suggests
http://Schestowitz.com  |  Open Prospects   |     PGP-Key: 0x74572E8E
Tasks: 140 total,   1 running, 139 sleeping,   0 stopped,   0 zombie
      http://iuron.com - knowledge engine, not a search engine
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAktYh+AACgkQU4xAY3RXLo5buwCfWHrfoPUHEbZA1WjtZqQH5f8s
Xy4AoIXZcnsqUe2u5XEkQn0r/fOVcnLb
=irxb
-----END PGP SIGNATURE-----

0
Roy
1/21/2010 4:59:12 PM
>Non scrivetemi wrote:
>>[...]Windows and Internet Explorer simply can't be trusted
>>anymore and the U.S. government should publicly advise that[...]
>>
Chris Ahlstrom wrote:
>It already happened (in 2004):
>[...]June 29, 2004
>
http://www.kb.cert.org/vuls/id/713878
That was actually CERT's second time putting out the advisory.
(The second time included a bit more detail.)[1]
The first advisory was April 5, 2004.
http://www.kb.cert.org/vuls/id/323070
..
..
[1] The fallout from a conjunction of an IE vulnerability
and an IIS vulnerability
was actually covered by the corporate news outlets.
When your crap makes the national TeeVee news,
it's obvious that you screwed up massively.
0
JeffM
1/21/2010 7:04:06 PM
Reply:
Similar Artilces:

How to upgrade using ipkg?
I'm laying out an embedded Linux system, and plan on using ipkg for package management. One thing I can't figure out is how to update a packate. Let's say I have package foobar-0.1 installed. Now I have foobar-0.2_arm.ipk in hand and want to upgrade to that. Do you just "remove" the old package and "install" the new one? Won't that end up remove modified config files? I've seen the ipkg "update" command, but it doesn't seem applicable. First, it will try to update all packages, and I just want to do one. It doesn't app...

stopping subvi; not just closing the panel
I am using a subvi whose panel opens when called. I want to be able to stop the subvi -- not just close it -- when it's done. Can anyone help? I am using the vi in question as a subvi in a larger program. Using the Clove LV object reference as you did only closes the front panel but does not stop the subvi. So I use the STOP application control. However, stop stops the entire program -- not just the subvi. Now how do I stop the subvi without stopping the rest of the program? > I am using a subvi whose panel opens when called. I want to be able to > stop the subvi -- not just close...

Add attribute using pyxml
How do I add a new attribute to the existing xml Document tree??? "How do I add a new attribute to the existing xml Document tree??? " what do you mean by "using pyxml"? There are several pyxml modules. Do you mean minidom? If so that comes with stock Python as well (hint: element_node.setAttributeNS(ns, qname)). -- Uche Ogbuji Fourthought, Inc. http://uche.ogbuji.net http://fourthought.com http://copia.ogbuji.net http://4Suite.org Articles: http://uche.ogbuji.net/tech/publications/ ...

client socket hangs when using JOptionPane
I am using a simple client and server using sockets and displaying some dialogs using JOptionPane on the client side. The problem is that the application hangs after doing everything correctly (meaning it does not exit). Below is the code I use. I have not used swing before so maybe I am missing something? import java.net.*; import java.io.*; import javax.swing.*; public class NIMSwingClient extends JFrame { public static void main(String [] args) { if (args.length != 2){ System.out.println("Usage: java NIMClient host port"); System.exit(1); } try { ...

Re: privacy_abuse_represents_a_massive_psychological_damage stop uninvited soliciting of people #18
> > > > > > > > > > > > > > > > > > the regimist freak doesn't get it. he is not a burden type. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > uninvited soliciting of things is precisely what google is famous for. its that psychotic > > > > > > > > > > > > > > > > > nature of these faceless regimist cowards. > > > > > > > > > > > >...

can I solve this tabular problem using pdflatex?
Hi, I currently export my data from a program written in C to .VTK file format and import them in paraview, which is a postprocessor from which I can see the results using a color scale bar (red = hot temperature, blue = cold temperature). But often I don't want to see the colors - I want to know the temperatures in all cells at once, so I want to do this - minimal example follows: (constructing a tabular/table - and viewing the pdf-output with numerical values - not colors) -------- > cat output_to_latex.tex \documentclass{article} \begin{document} \begin{tabular}{|c||c|c|c|c|c|...

[9fans] tab stop poll
Just a quick poll. Who doesn't leave the tabstop set to 4 please email me. I'll summarize to the list if people want. Just curious if there is a defacto standard on this. Brantley I use tabstop=8. man, a tab is a tab. if the line slops, then it's too complex. > Just a quick poll. Who doesn't leave the tabstop set to 4 > please email me. I'll summarize to the list if people > want. Just curious if there is a defacto standard on this. I even use ':set tabstop=4' obsessively in vi. > Just a quick poll. Who doesn't leave the tabstop ...

Help: Deleting a file in Windows XP using C++
Greetings, I have been discussing this with a few programmers on comp.lang.c++ and have reached a wall. According to them, the code I am writing works perfectly for them and from a C++ stand point, the code is correct. However, whenever I run this on Windows XP SP1 using MS Visual Studio SP5 with VC++ 6.0, I continue to get an error. The program is simply trying to delete a file form the c:\ directory. I have placed the desired .txt file in every directory from c:\ to the actual folder the .exe is in. It continues to tell me that no such file exists. One of them recommend...

Which tacacs+ server are people using?
Is the code available from the Cisco ftp site the best implementation? Thanks, Joe ...

Problem installing tcllib using teacup
On Windows (Vista), I'm attempting to install tcllib using teacup. Here's what's happening: C:\Tcl\bin>teacup install tcllib Resolving tcllib -is package ... Nothing found. Aborting installation, was not able to locate all dependencies. C:\Tcl\bin> I'm new to teacup (and have been away from Tcl/Tk for quite awhile), can anyone offer any assistance? Does teacup just not support tcllib at this time? If so, then I can just get it from sourceforge but I like using teacup! Thanks! Bugs wrote: > On Windows (Vista), I'm attempting to install tcllib using...

Why do people do this?
Often I notice many users writing a SQL string like the following: sql = "SELECT * FROM <tblName> " sql = sql & "WHERE X = " & <variablename> & "" Why concatenate the string? If the actual string doesn't change, why concatenate it? sql = "SELECT * FROM <tblName> WHERE X = " & <variablename> & "" seems the better method. Comments? Ozzone wrote: > Often I notice many users writing a SQL string like the following: > > sql = "SELECT * FROM <tblName> " > sql = sql &a...

Excel Graph using Report Generation Tool Kit #2
Hi all, &nbsp; I am using Report generation toolkit for graph drawing on the Excel sheet. &nbsp; My Problem: &nbsp; I am configuring Window status as "Minimized" on New Report and using "Excel Insert Graph" for the generation of graph on Excel, here even if i give Minimized option on the new report it is not minimizing, it is pop ing up and closing. this is the problem i am facing so if any one has the solution for this please suggest me in this regards. &nbsp; regards, Suresh S <a href="mailto:s.suresh@apnagroup.com" target="_blank"&g...

error using dicominfo
I am using dicomread to load some dicom images. I would like to use dicominfo to get header information from the images, but am running into the following error message: info = dicominfo('D:\IM_0040'); Warning: See help sprintf for valid escape sequences. ??? Error using ==> images\private\dicom_read_attr>read_elt Error using ==> images The problem occurs when the file is on CD-ROM as well as on my computer's hard drive. I have tried changing the filename to IM_0040.dcm as well. Thank you. HI, did you try to read your dicom file with another software than matlab. Y...

Standalone GUI using Matlab Compiler
Hi If I use Matlab (using Academic Institutional licence) to develop a GUI tool to do specific image processing task and then compile it using Matlab Compiler to deploy the tool (MCRinstaller, application.exe file and application.ctf)in target machines without Matlab being installed physically (basically part of my project at the Academic Institution is to develop standlone user-friendly versions of my tool to test its usability), does this then involve any run-time licence fee? I am not sure at this point whether the tool will have a commercial value or not in the futur...

Start/Stop Threads Without Killing Them
I'm looking for an elegant way to start and stop threads without killing them, in order to avoid the overhead of unnecessary thread creation. My awkward attempt to do this is below. I'd appreciate any comments or suggestions about how to write code that accomplishes the same thing more cleanly. Thanks, cpp Code follows: public class Test implements Runnable{ Thread mThread; boolean mStopped; public Test() { mThread = new Thread(this); mThread.start(); } public synchronized void start() { mStopped = false; notifyAll(); } public synchronized void stop() { mStopped ...

Re: "Hi,I'm having problems controlling the Agilent E4422B Signal Generator with Labview. When using the Labview driver functions such as initialize instrument I always get an Error -1074135040
Hi, Brooks. Attached please find the files containing all the information concerning my attempt to control the Agilent E4438C. Hope you can make sense of it and help me. &nbsp; Regards isaac nireport.txt: http://forums.ni.com/attachments/ni/170/191414/1/nireport.txt Capture.spy: http://forums.ni.com/attachments/ni/170/191414/2/Capture.spy CaptureSpy.doc: http://forums.ni.com/attachments/ni/170/191414/3/CaptureSpy.doc Hi, If this driver supports multiple instrument models, then you will probably have to set the model in the default settings in MAX. Regards Ray FarmerMessage Edited by...

Using the Intel MKL in Linux
I have successfully installes the Intel MKL and made Matlab use its BLAS routines by setting BLAS_VERSION. Is there a way to make Matlab use the Intel Lapack Routines? I.e., another environment variable? Or can I simply replace the .so-files in the Matlab/bin directory with the appropriate Intel MKL libraries? If it is possible, which file has to be replaced with which one? ...

Stop XP from offering a dialup when I'm on LAN
The following is an immense annoyance with both XP pro and home editions: * Machine's primary use is on a LAN * Machine has one or more dialup configurations for use ONLY when traveling * DNS lookup is slow, or routing fails, or some other transient connectivity problem arises while browsing the Web * XP immediately offers to connect via dialup, but the dialog is buried by any number of active windows * Connection is blocked until I locate the dialup dialog and kill it, usually accompanying such action with a stream of profanity I don't want to delete my dialup connectio...

why don't people switch to mac?
Hi, There seem to be a lot of effort by Apple in getting people to switch from a PC (windows) environment to Mac. But still, PCs with Windows are getting more populair. Why is this? Why don't people switch to using Macintosch's instead of PCs? Best regards, John In article <Xns95E99B3C19D72JohnDoe93nospammailc@212.83.64.210>, John <JohnDoeyh93[no-spam]@mailcity.com> wrote: > Hi, > > > There seem to be a lot of effort by Apple in getting people to switch from > a PC (windows) environment to Mac. But still, PCs with Windows are getting > more ...

People Helping People!!!!!!!!!!!!
People Helping Each Other MAKE $250,000 IN WEEKS - 2007 AS SEEN ON OPRAH & 20/20 ***Oprah Winfrey and ABC's investigative team 20/20 also can prove it can be done*** ***Proven by various, highly- respected U.S. TV and radio programs as being 100% legal, feasible and true*** IF A 15 - YEAR OLD BOY COULD MAKE $71,000 IN JUST 5 WEEKS AND OTHER $250,000 IN FEW MORE WEEKS - SO CAN YOU!! THIS REALLY CAN MAKE YOU EASY MONEY!! IT WORKS!! BUT YOU HAVE TO FOLLOW THE LETTER FOR IT TO WORK!! THIS IS NOT A PYRAMID SCAM!!! I came across an article similar to this that said you ...

Basic Menu System Using VoIP?
I need a basic touch tone menuing system that receives (and places verification callback) calls via ethernet port using VoIP. No live humans are here at this end -- the live humans are calling not, fielding calls. Termination charges are presumed of course. The features: * Caller ID. * Call-back to purported Caller ID for spoofing prevention. * Touch tone recognition with call-out to customizable scripts (preferably perl) to store and provide canned voice file respones to data input. Oh, also I'd prefer it to run on an open source OS like Linux if at all possible. ...

linux fails again
University of North Florida breach exposes data on 107,000 individuals By Jaikumar Vijayan, Computerworld October 15, 2010 07:51 PM ET The University of North Florida has notified about 107,000 current and prospective students of the compromise of their personal information after a server containing the data was recently discovered to have been breached by unknown intruders. Nearly 53,000 of those affected had their names and Social Security numbers compromised, while the rest had their names and dates of birth exposed in the incident. http://www.linuxworld.com/new...

[News] [Rival] Use Microsoft Excel, Get Owned
New Excel vulnerability being exploited ,----[ Quote ] | Affected versions of the software are Excel 2003 SP2, Excel Viewer 2003, | Excel 2002, Excel 2000, and Excel 2004 for Mac. Microsoft especially warns | that there are no known workarounds for the issue for Excel 2000 or 2002. `---- http://www.itwire.com/content/view/16136/1054/ Related: UK children's charity says goodbye to Excel ,----[ Quote ] | Cognos TM1 will house the charity's budgeting and financial planning data | currently held on 2,000 Excel spreadsheets. `---- http://www.computerbusinessreview.com/article_n...

When should I use OLAP ? or just Reporting ?
Hi SQL/OLAP Gurus, I am new comer to OLAP with Analysis Service. What are the considerations to decide to use OLAP (e.g: with Analisys Service) or to use just 'traditional' reporting ? (what I mean by 'traditional reporting' is reports on the operational/OLTP database, not the OLAP database) Thanks for your info, Krist "Krist" <xtanto@hotmail.com> wrote in message news:cb48a3b.0401140550.3ef69ce8@posting.google.com... > Hi SQL/OLAP Gurus, > > I am new comer to OLAP with Analysis Service. > What are the considerations to decide t...

why some people call emacs operating system?
Hi, I have read several postings. Some people say that Emacs is a great operating system. I don't understand it. I thought Emacs is a text editor, like vi, and operating systems are W2K, WXP, Linux, Mac etc. Thank you for your help. Best Regards, Xiaoshen On Wed, 21 Jan 2004 14:39:52 +0000, Xiaoshen Li <xli6@gmu.edu> wrote: > Hi, > > I have read several postings. Some people say that Emacs is a great operating system. I don't understand it. I thought Emacs is a text editor, like vi, and operating systems are W2K, WXP, Linux, Mac etc. That's said tongue in c...