Username or EmailPassword
Switzerland also gave out a warning, full text only available in German, French and Italian.
Video of Microsoft’s head of security and privacy weaselling out of the issue. http://news.bbc.co.uk/1/hi/technology/8466366.stm Pathetic, absolutely pathetic. This is just a PR blip to Microsoft, that’s all. They couldn’t give a damn about actual security.
People running a 10 year old operating system with a 10 year old browser and then having this huge dilemma when they get burned by an exploit.
What other company is expected to maintain updates to programs and operating systems released a decade ago? Mozilla sure as hell hasn't done anything of the sort.
IE8 and IE7 both collectively have more market share than IE6, and are also coincidentally significantly harder to exploit.
This should embarrass Google if anyone, and people need to get with the program.
Every browser has it's own quirks, Mozilla's are just as funky as any of IE's.
IE8 also has a quirks mode for IE5/6 level compatibility.
Microsoft's only crime with IE6 was neglecting it's development for so long after it was released. At the time it was released, IE6 had superb support for standards.
People partake in this revisionist history to use to prop up their idealist view of how the web should be, it does not make it true though.
MS encouraged developers to code to proprietary IE extensions rather than to the subset of standards supported by browsers of the day... They also encouraged users to totally ignore other browsers and code only for IE.
Many of these non standard applications are now incompatible with any current browser, IE8 quirks mode doesn't always work with them and sometimes its necessary to disable many of the new security features.
They also intentionally neglected to update their browser for many years and severely handicapped progress on the web. Had it not been for firefox, it's likely they never would have updated anything either.
If you wrote a standards compliant application and tested it with multiple browsers, then it would run on any browser today and people wouldn't be locked to IE6.
Hmm yeah, I remember using something like 0.7 in 2003, think it was called Firebird then.
Need I mention that Microsoft committed themselves to long-term support for the platform, or that businesses being able to target IE6 and then just sit on that code for ten years was part of the sales pitch?
That manager certainly isn't very convincing--it's painfully clear he's a PR flack and not someone who's at all informed on the issue. (Microsoft's UK managers seem to have demonstrated an above average ability for putting there foot in their mouths. There was that thing about comparing Win7 to the Mac a few months ago, and I vaguely recall something else earlier last year that I can't quite place.)
Still I think it's overreaching to say Microsoft doesn't give a damn about security. The vulnerability does exist in all major versions, but DEP and Protected Mode do neutralize any attacks at this point, and it's going to be far harder to contruct an effective exploit against browsers in which those are enabled. That's not spin, but simply the defense in depth strategy doing what it's supposed to do: provide additional layers of protection when one fails.
I think a lot can be attributed to overall technological ignorance on behalf of the Governments (not an excuse, just some context behind their irresponsibility).
It's a bug, software has bugs, but it's Microsoft and IE, so it is instantly a sensationalist headline and used as a crutch for those who generally scream their heads off about alternative browsers to finally have something which resembling an audible whisper.
But it's a far more serious bug due to the prevalence of windows and ie.
Look at it from a hacker's point of view, you can guarantee that any large corporation or government you want to target will be running windows/ie/msoffice on all their desktops... This is very useful for a hacker, you need 1 exploit, 1 backdoor and 1 skillset.
By contrast, if you couldn't be sure wether your victims ran windows, linux, bsd, mac or whatever else and couldn't be sure if they ran firefox, chrome or opera your attacks become much more difficult. You have to discover what your targets run first, and then look for exploits knowing full well that any exploits you develop will only target a small percentage of your targets.
And from the targets standpoint, having no choice but to use windows/ie is a very bad state because even if unpatched 0day exploits are everywhere, there is very little you can do about it. If you have the freedom to choose your software then it becomes easy to switch if one vendor is failing to fix issues and you can choose the software which best suits you rather than having no choice...
Do you really think google would have been using IE if they had any choice? They make their own browser which is a lot better, there has to be some proprietary apps locking them to ie.
If you're that sort of hacker you're in luck in the UK, all the councils I've worked for here in the last 7 years are using the Win XP/IE6 combo for their apps for Housing and Social Services, and no end in sight. Their excuse is they have hardware firewalls in place.
Some only upgraded a few years ago from Win95.
There are a few open-source solutions at the back end but the desktops and email are all MS.
It's IT heaven
In other news...Next week, Germany advises not to use Windows anymore for the same reasons