FTP Bug Leaves IE Users Vulnerable
Security researchers say that a previously patched IE 6 bug can still be exploited.
Wednesday, March 12, 2008 6:15 AM PDT

A flaw in the way Microsoft's Internet Explorer browser processes FTP commands could let attackers steal or erase data from a victim's FTP site.

The bug, which affects users of IE 6 and the unsupported IE 5 browser, gives an attacker a way of hijacking the victim's FTP sessions. But a successful attack would be very hard to pull off and would only work in very precise, targeted attacks, security experts said. [...]


This news blurb comes to me today after I received notice at work yesterday that we are not to install Firefox (called "foxfire" in the email). This is due to there being "no support model" and therefore "there could be vulnerabilities that are not addressed".

Uh? No support model? Then what is support.mozilla.com? Sounds like someone in IT has been drinking the Microsoft Kool-Aid. The kicker is that it is okay to use Firefox if you are a Linux/Unix user.

FUD = fear, uncertainty, and doubt.
12th-Mar-2008 10:10 pm (UTC)
Your IT people actually allow you install privileges? They definitely don't know what they're doing.

The problem with Firefox (or SeaMonkey) from a network standpoint is that there's no system for network rollout and continuous update. If you've got the money for an MSI packager, then a network rollout is plausible... Oh, but that also requires that your IT people know what they're doing. The updating is the problem. IE7 updates just require a single click in WSUS and the update can be forced. There's no intelligence required. Mozilla mostly relies on the user to apply updates. They do provide a nifty little auto-checker now, but that's about it. Updates usually require admin install privileges too. Again, there are ways around that, but they're usually pretty expensive and/or require some programming and work on IT's part.

The exception for Firefox for NIXers is funny. Sad, but funny. Anyways, I need to get back to tormenting my users...
12th-Mar-2008 10:48 pm (UTC)
The IT around here certainly does have a liberal policy regarding installs. However, given the vast number of tools (internal and 3rd party) we use, it would be impossible to manage all the calls on "I need this tool". They make them available internally for self install. This is a large company and I believe that they do have the MSI installer software.

Updates are regularly forced.

I think it is just laziness on the part of IT. The supposed unaddressed vulnerability is just their excuse. All the internal web apps are IE based.

I know the company doesn't like for us to install "unapproved" apps on their boxes, so I don't... not on THEIR box.... heh heh heh.

Search the box... Firefox ain't there.

Portable Apps

