lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <200407082311.i68NB2V30654@milan.maths.usyd.edu.au>
From: psz at maths.usyd.edu.au (Paul Szabo)
Subject: How big is the danger of IE?

Eric Paynter <eric@...ticbears.com> wrote:

>> http://www.kb.cert.org/vuls/id/713878
> 
> The amazing part is that CERT, a vendor-neutral organization who usually
> only provides information about how to secure a product, who does not
> counsel on product choice, has made a recommendation to consider
> alternatives to IE. Have they ever made such a recommendation in the past?
> Certainly not that I'm aware of.

They have the (almost) exact same "drop IE" paragraph in

  http://www.kb.cert.org/vuls/id/413886
  http://www.kb.cert.org/vuls/id/784102

since February 2004. (There used to be an even stronger warning in
http://www.kb.cert.org/vuls/id/323070 but it was toned down after the 
release of MS04-013.)

I do not read that as advice on product choice, just a statement of the
technical inadequacy of IE.

Cheers,

Paul Szabo - psz@...hs.usyd.edu.au  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ