I spend a lot of time working with an IT department that makes statements like "We are a Microsoft shop here" (I thought we designed Embedded Systems for Fire Fighting and Security?), and "Linux is just a toy". In the name of security, Mordoc demands that only Microsoft IE6 and Outlook be used to access the Internet. These are the two most attacked programs in the history of Mankind. Resume, anyone?
Anyway, the point of my ramble here is that Microsoft has stated, in Microsoft Security Advisory 979352, that everyone *must* upgrade to IE8. Does Mordoc care? Apparently not.
What do you do when you are forced by IT and their management to use old, dangerous equipment and/or programs?
The SANS Institute newsletter for Jan/22/2010 gets into the IE6 attack code in "Researchers Finds Evidence in Attack Code Used on Google That Points to China", which is worth a read. The various SANS newsletters are worth reading each week to keep up on security issues. A safe system cannot be safe unless it is also a secure system.