
RE: [Full-Disclosure] IE



On Mon, July 19, 2004, Eric Paynter replied to:
> nicolas vigier, who said:
>> The real solution is to use a browser with no known 
>> vulnerability (and that's better if it didn't have
>> a lot in the past), not to try to hide what you
>> are using.
> 
> That's not always possible. Sometimes, changing the browser 
> is a project that will take months to complete (think: 
> corporation with thousands of PCs at hundreds of sites - it 
> takes time to create the business case, get funding, 
> build/test the auto install package, retrain the end users, 
> etc.). In the period of exposure, any little bit helps 
> (albeit, minimally). This small change can probably be done 
> in a couple of weeks with no impact to the user.

Not to mention all the vendors out there whose products have
asinine restrictions, because they can't be bothered to code
portable web-apps.

Think Cisco, for one.

I personally think that _EVERYBODY_ with a CCO contract should
open up a TAC case complaining that X-application (website,
RME, VMS, etc.) doesn't work with a W3C-Standards Compliant
browser, nor with latest-bug-fixed JREs.

I've already got mine open, but of course "Use I.E. or some
old version of Netscape Navigator, and an old JRE!" is the
typical response. They need a lot more prodding to keep their
security platform up-to-date with security standards.
