AP and Google drop support for IE V6



Kym
02-02-2010, 2:02pm
Well good to see Google are following our example. :rolleyes: :D

Google have dropped support for Internet Explorer V6. (http://googleenterprise.blogspot.com/2010/01/modern-browsers-for-modern-applications.html)

FWIW: I do not test AP features with IE V6, and have not for a long time (2008), so if it works it's not specifically by design.
:lol2:

MarkW
02-02-2010, 8:42pm
Ohhhh Noooo

What am I supposed to do at work? Stupid Government browsers are generally all IE6.

We also have Office 2004 and XP sp2

When you wonder why Government, both State and Federal are slow to get the necessary info, just remember how we are hogtied to crap software on crap Dell machines.

I don't make the rules but I'd love to put those who do up against a wall and pull the trigger :action:

Kym
02-02-2010, 8:44pm
Even M$ say don't use IE 6.
XP is SP 3 - what are they thinking? Govt data is insecure!

MarkW
02-02-2010, 8:52pm
Govt data is insecure!



Not really, we have firewalls both hard and soft and anti virus and malware and more crap than you can poke a stick at. Added to that all our network between depots and buildings and inside the building is dedicated hard wired just for us - no cable sharing. The advantage of being an energy supplier. Those same dedicated f/o cables also control our entire electricity network turning subs off and on and all points in between. Software which controls priority systems is also physically separated from day to day stuff. War Games can never happen with us.

Kym
02-02-2010, 9:05pm
<snip>War Games can never happen with us.

Never?

I've done a lot of IT security work (General Govt, Defence and private sector,
I also worked for IBM software group and worked with the crypto labs peeps in the Gold Coast)
and I'm always paranoid about security threats; but am I paranoid enough?
That's the real question.

I've seen enough 'secure' Govt systems penetrated to know 'never' never happens.

MarkW
03-02-2010, 6:34am
Never?

I've seen enough 'secure' Govt systems penetrated to know 'never' never happens.

Fair call - but you can understand if I don't talk any further about our IT security on an open forum.

Kym
03-02-2010, 7:20am
Fair call - but you can understand if I don't talk any further about our IT security on an open forum.

Not a problem. I don't go into specifics of any situation.
There is a lot I can't post; but can advise general approaches.

Govt departments who don't keep the SOEs up to date are fooling themselves.
The CIO needs a big kick in the rear.

MarkW
03-02-2010, 11:22am
Our place spends so much time and money pi55ing around to ensure a new SOE is compatible to 6 million other things that by the time they give an indication to then start the buying side of it, the platform is already 2 years out of date. Their stupid rules to buy something then take no less than 6 months, more likely a year and now the SOE is 3 years from first introduction - and that's if nothing goes wrong.

ving
03-02-2010, 2:04pm
just forwarded that article on to our IT dept... maybe they will do something about it.

Kym
03-02-2010, 2:17pm
Our place spends so much time and money pi55ing around to ensure a new SOE is compatible to 6 million other things that by the time they give an indication to then start the buying side of it, the platform is already 2 years out of date. Their stupid rules to buy something then take no less than 6 months, more likely a year and now the SOE is 3 years from first introduction - and that's if nothing goes wrong.

But that's just bad IT management.
You have a base SOE and incrementally upgrade it as needed.
You have a standard set of test scripts you give to temps or uni student types to run based on change impact analysis (you don't test/re-test everything on every SOE change).

An SOE is not a static thing. It must change regularly over time.
Machines in the fleet get the *latest* SOE when re-imaged and should be up to date by auto update mechanisms like SMS.

We service 100+ servers and 2000+ desktops and notebooks from a very well organised support staff of 7 (actual hands on people).
There is an outsourced helpdesk who do level 1 support as well.
Latest browsers, SP's, patches etc. SOE is Win XP/Office 2003.
We are skipping Vista/2007 and will roll to Win7/2010 late 2010 early 2011.

Our support are also ruthless - you have a problem and it's software? Option a: Re-image! There is no option b.
(We have a bunch of engineers with local admin rights - they install all sorts of crud stuff)

MarkW
03-02-2010, 5:52pm
Like you we now have a very small IT section which doesn't get involved in the day to day but more looks after policy, future (what a joke), security, and the network.

Our PCs/laptops are hired through ComBank and installed by Fujitsu, which includes software upgrades and installs. Problems are dealt with by Gentronics and our help desk is a contractor. Helpdesk???? another joke, they have less computer knowledge than I do which for a help desk, I find disgusting. All they really do is redirect the call, but half the time they don't understand the problem or even know what systems we have and their primary function. Oh for the days when we had internal help desk people. They really knew their stuff.

We have about 3000 office staff and generally speaking each one would have either a lappy or a PC.

Many of the "power" users and those who are software specifiers (me for Automatic Tank Gauging Systems) still have admin rights (to some extent) which we only hold onto by a very tenuous thread.

These days we only get an O/S upgrade when you get a new machine at about 3 years and I don't think we have bypassed Vista - I really hope we have but I wouldn't put money on it.

Kym
09-02-2010, 11:42am
UPDATE: Microslug are really slow at dealing with serious issues.

http://www.theinquirer.net/inquirer/news/1588200/microsoft-ie6-flaw-months


MICROSOFT WAS MADE AWARE of the zero-day IE6 flaw five months before it released the
'emergency' out-of-band ms10-002 patch to finally fix the problem yesterday.

The release was hurriedly cobbled together to patch the hole in Internet Explorer that was thought to
have given Chinese hackers, possibly working for China's government, access to Google's internal
systems and human rights activists' Gmail accounts.

The Vole acknowledged that it had known about the flaw when Meron Sellen, a white-hat hacker
employed as a security researcher by Israeli firm BugSec, alerted Microsoft to the issue back in
September last year.

Jerry Bryant, senior program manager at Microsoft Security Response Center posted a blog update last
night, confirming the story:

"As part of our investigation, we also determined that the vulnerability was the same as a vulnerability
responsibly reported to us and confirmed in early September," he admitted.

This is a prime example of why open source products are safer.
If such an issue were reported to Mozilla (the Firefox developers) you would see patches released within days; not months.

An interesting fact is that Firefox has many more issues reported and patches issued than
Microslug Internet Exploder. On the surface this may indicate Firefox is less safe and buggier
than IE; in fact the reverse is true.

First, while each issue is documented and fixed by Mozilla, Microslug bungle bundle many issues into a
single notice and patch release. You end up with bigger patch kits that are issued less often.

Secondly, Microslug do not fully disclose all the changes delivered in a patch, and
you cannot verify what they say as it's a binary only release.


I know I'm probably preaching to the choir, but when you see that Microslug knew about the issue
5 months before they were in fact forced into patching it you have to wonder!

Kym
24-02-2010, 12:23pm
AusPhotography.net.au MTD Feb 2010 (from AWstats)
2,823,088 Pages, 8,384,106 hits, 84.40 GB

Firefox 45%
MS Internet Explorer 39.5% (IE6 3.1%, IE7 12%, IE8 24.2%, <IE6 the rest)
Safari 9.1%
Google Chrome 4.2%
Opera 1.1%

ving
24-02-2010, 3:01pm
just forwarded that article on to our IT dept... maybe they will do something about it.

rofl! how silly am I... they of course haven't done anything yet! :rolleyes:

Kym
30-03-2010, 11:00am
Here we go again...

http://blogs.zdnet.com/security/?p=5855&tag=col1;post-5836

March 24th, 2010
Hacker exploits IE8 on Windows 7 to win Pwn2Own

VANCOUVER, BC — Jumping through a series of anti-exploit roadblocks, Dutch hacker Peter Vreugdenhil pulled off an impressive CanSecWest Pwn2Own victory here, hacking into a fully patched 64-bit Windows 7 machine using a pair of Internet Explorer vulnerabilities.

Vreugdenhil, an independent researcher who specializes in finding and exploiting client-side vulnerabilities, used several tricks to bypass ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention), two significant security protections built into the Windows platform.

http://arstechnica.com/microsoft/news/2010/03/can-microsoft-really-build-a-better-browser.ars

Can Microsoft really build a better browser?
By Peter Bright

At last year's PDC, held in November, Microsoft showed a graph showing scores of a variety of Web browsers in the SunSpider JavaScript benchmark, to show off the progress that the company was making with Internet Explorer 9. Another such graph was shown off at the recent MIX event. What was most interesting about the graph was not IE9's progress, but Opera's.

...

In the meantime, we get nothing from Redmond. (Microsoft's headquarters)

This approach sets Microsoft apart from the other browser vendors. Firefox, Chrome, and Opera all get regular updates. I don't just mean security fixes, though they get those too—they get regular feature updates that improve their performance, improve their standards compliance, and improve their user interfaces. Firefox, for example, had release 3.0 in July 2008, 3.5 in June 2009, and 3.6 in January 2010. Opera 9.5 was released in September 2007, with 10.0 in September 2009, 10.10 in November 2009, and 10.50 in March 2010.

Over a similar time frame, Internet Explorer 7 was released in October 2006, IE8 in March 2009. And now nothing further is likely until 2011.