__/ [ BearItAll ] on Thursday 02 November 2006 13:21 \__
> Peter Köhlmann wrote:
>
>> Microsoft Internet Explorer Unspecified Code Execution Vulnerability
>>
>> http://tools.cisco.com/MySDN/Intelligence/viewThreat.x?threatId=5222
>> http://www.securityfocus.com/bid/20797/discuss
>>
>> And with exploit in the wild
>
> And the response is:-
>
> 1. Administrators are advised to apply software updates as they become
> available.
>
> So when the fix comes it should be applied. When was Linux ever slow to
> deal with any potential exploit?
>
> 2. Administrators are advised to disable JavaScript in Internet Explorer
> until updates can be applied.
>
> Practically means that hardly any web site will work these days on IE6.
>
> 3. Users are advised not to follow links from untrusted sources.
>
> Do not go to any web sites at all that you haven't already visited even
> those that you do use regularly ensure they are run by angelic people who
> go to church three times a week.
>
> 4. Users are advised to verify unexpected links from trusted sources before
> following them.
>
> Yeah right, pick any MS user (or many Linux or Mac users for that matter) at
> random and ask them how they go about checking the validity of a link prior
> to clicking it. How on earth are they going to know if www.wesellstuff.com
> is going to be a trusted source?
>
> 5. Users are advised to use an unprivileged account when browsing the
> Internet.
>
> You'll still get walloped but at least you can say that you tried.
>
> MS, a little note for you, no one has control over all of the users of the
> Internet, so it is the job of their OS or additional security software to
> protect them. By throwing Symantec and McAfee out you have taken on the
> role of protecting your users. This is yet another post telling us that you
> are not doing that.
>
> Personally I wish the security issue could be taken out of MS hands
> completely. We all have data with various companies many of whom will use
> MS Win platforms. So MS weaknesses affect all of us. They have had long
> enough to sort it out, even had the time and funds for a complete rewrite.
> But they have done nothing at all. It has to be taken out of their hands
> and given over to someone we can trust to do the job of protecting the
> users and Our data.

You said it like it is.

While I have little or no sympathy for users whose poor choices led them to
becoming victims of fraud (family and friends aside), I can't help but feel
that we absolutely *must* protect them or pull them to a safe haven where
they will no longer passively spew out SPAM and be the weapon of
Webmaster/company extortion. It gets worse by the day and makes the Internet
a miserable place. Faster connection and so-called Vista-capable boxes only
bring more power to brute-force methods that humans cannot cope with. The
Internet, context-wise, is not the only turf that's becoming a garbage dump.
The 'pipes' themselves (traffic) are filled with noise/filth, which beats
the purpose of the Web. Tim Berners-Lee expressed concerns about the future
of the Web this morning. It was on the Beeb.

Best wishes,

Roy

--
Roy S. Schestowitz | "Yes, I know, but does it run Linux?"
http://Schestowitz.com | GNU is Not UNIX | PGP-Key: 0x74572E8E
roy pts/0 cg001a.halls.man Thu Nov 2 12:33 still logged in
http://iuron.com - proposing a non-profit search engine