[Owasp-singapore] [security-77] Two-year-old data leakage flaw still haunts Internet Explorer

Wong Onn Chee ocwong at usa.net
Thu Nov 4 00:48:02 EDT 2010


True.

I have seen bank customers who are rolling out new internal banking
systems which require IE6.
The FSI industry is sitting on a time-bomb which will implode sooner
than later.
Will love to tell the FSI folks then - "I told you so". ;-)

Maybe MAS should issue a directive that use of IE 6 or any obsolete
browsers is not allowed.
This is no different than the typical audit requirement that "thou
should not run unsupported systems".
So why are auditors allowing FSI to continue running unsupported browsers?
Maybe we should audit the auditors? ;-P

Sorry for the grumbling and thank you for your time in listening. :-)

Regards
Onn Chee

On 11/04/2010 10:20 AM, FG wrote:
> It is all about busine$$. I have lots of customers still using MSIE
> 6/7 in their enterprises since some versions of Crystal Reports,
> Siebel, etc. do not run in MSIE 8 (never mind MSIE 9).
> Yes, I have tried "Compatibility Mode" in MSIE 8, it fails in so many
> old web apps... tearing more hair out every time I file a claim.
>
> When Windows 7 came out, instead of providing inbuilt "application
> virtualization" à la Microsoft App-V, VMware ThinApp or Altiris
> Software Virtualization Solution,
> Microsoft chose to use "XP mode" which is basically running a lame
> (which cannot suspend/resume), sluggish (VPC anyone?) desktop
> virtualization version of Win XP and then terminal out the MSIE 6/7 app.
>
> Once compatibility pains build up enough, customers will be forced to
> upgrade... or thinks Microsoft.
>
> Sadly money doesn't fall from the skies. XP will stay for a while more.
>
> Meanwhile we need to understand that, learn to secure our end-points
> or even take radical steps of using Firefox/Chrome to surf the web
> while preventing MSIE from connecting beyond the firewalls and to the
> internal web proxies.
>
> *Enterprises: We'll run Windows XP even after retirement*
> 48% of companies say they'll run XP after Microsoft retires the
> OS in 2014
> http://www.computerworld.com/s/article/9194039/Enterprises_We_ll_run_Windows_XP_even_after_retirement 
>
> -
> fg (which is of course, a pseudonym)
>
> > From: ocwong at usa.net
> > To: security-77 at meetup.com
> > Subject: [security-77] Two-year-old data leakage flaw still haunts
> Internet Explorer
> > Date: Tue, 2 Nov 2010 09:10:23 -0400
> >
> > http://www.zdnet.com/blog/security/two-year-old-data-leakage-flaw-still-haunts-internet-explorer/7604
> >
> > --
> >
> > Best Regards
> > Onn Chee
> >
> >
> >
> >
> > --
> > Please Note: If you hit "REPLY", your message will be sent to
> everyone on this mailing list (security-77 at meetup.com)
> > http://www.meetup.com/SGSecurityMG/
> > This message was sent by Wong Onn Chee (ocwong at usa.net) from The
> Singapore Security Meetup Group.
> > To learn more about Wong Onn Chee, visit his/her member profile:
> http://www.meetup.com/SGSecurityMG/members/1756147/
> > To unsubscribe or to update your mailing list settings, click here:
> http://www.meetup.com/SGSecurityMG/settings/
> > Meetup, PO Box 4668 #37895 New York, New York 10163-4668 |
> support at meetup.com
> >