I get email:
The U.S. Department of Homeland Security recommends that all users temporarily discontinue the use of Microsoft Internet Explorer (IE) due to a critical security flaw.
If y’all already knew all about this, what can I say? I’m old and slow.
Image: John Webber, Portrait of Captain James Cook, c. 1780
JDM
I stopped using Explorer a while back too, but this makes me wonder: Fatherland Security want you to stop using it? is it uniquely resistant to NSA snooping? :)
Butch
Every single one of the company’s on-line tools (monthly status reports, timesheets, expense reports, webmail, file transfer) are based on IE and will not function in anything else. I’m stuck.
CONGRATULATIONS!
What a crock of shit. What are they going to do, send the entire US government home until Microsoft can get off their fat asses and get a fix out?
(if you didn’t know, in most Fed shops you are REQUIRED to use IE and no alternatives are acceptable)
@JDM: The problem is a zero-day exploit that’s been known about since late last week. Why the news just seems to be coming out today is beyond me.
jheartney
Us OSXers couldn’t use Explorer if we wanted to. If the thing would just die it’d simplify web developers’ lives immensely.
cokane
IE has been garbage ever since there was browser competition, iirc
catclub
@Butch: The unstated text is, ‘to go and visit dicey websites’
(which your company may be!).
If your use is only internal, less risk.
CONGRATULATIONS!
@jheartney: au contraire. Fire up Parallels/Virtual Box and use any flavor of IE you want.
I know at least one person (yes, he’s an idiot) who runs full-time Windows on the Mac because it’s “more secure”.
But there are a lot of Mac folks who need to set foot in Microsoft’s world every day for work. And they’re frequently some of my more difficult users, as they are not aware of viruses, hacking, or exploits and routinely do the stupidest shit imaginable because they think it can’t happen to them.
beltane
I make it a point to never use IE anyway.
Ash Can
@CONGRATULATIONS!: It’s not. The government advisory came out yesterday. I saw it discussed elsewhere.
Belafon
Why is the DoD telling us this? I thought it was the job of the NSA to warn us about security threats. How long do you think the NSA has been exploiting this to spy on Americans? Was this in the documents that Snowden took?
(In before Cassidy, though this sarcasm is totally my own.)
Someguy
Mozilla hired a known bigot, IE sucks, and Google is basically evil, contra their corporate maxim.
Given the Big 3 are some combination of corrupt and insecure, anybody got any suggestions on browsers?
Butch
@catclub: It’s actually a fairly large company but you’d laugh your head off at some of the sites; it takes about a dozen clicks and two log-ins to get to your current timesheet.
CONGRATULATIONS!
@Someguy: Been using Opera since 2002. I have always been very happy with it, but it is not everyone’s cup of tea.
Just Some Fuckhead
People still use Internet Explorer?
catclub
@Someguy: Lynx!
en.wikipedia.org/wiki/Lynx_(web_browser) Wikipedia:
Lynx is a highly configurable text-based web browser for use on …. be found in repositories of most Linux distributions, as well as in the
Certified Mutant Enemy
@jheartney:
Years ago, Microsoft ported Internet Explorer to Unix, the slogan for this short lived product was something like “Bringing the internet to Unix” Never mind the fact that the first web browsers ran on Unix like systems….
Belafon
@Someguy: Write your own. I would suggest first writing your own programming language. You might also need your own operating system.
It’s the only way to be totally sure.
Certified Mutant Enemy
@Someguy:
lynx ;)
Omnes Omnibus
@Belafon: An internet of one.
srv
Well now I have to be contrarian and download IE.
Hitlery has declined to keynote at Netroots Nation this summer. She’s already decided to throw progressives under the bus.
mike with a mic
The issue is with Adobe actually. If you aren’t using Flash, are using IE 10.0 or after, or have Microsoft EMP enabled this isn’t an issue.
That said apple Safari, Google Chrome, and even Firefox have all had similar fuck ups. No browser is safe, you need to have several to chose from. Though Safari is by far the biggest pile of shit out of them all. The best was the hole Safari caused that broke security in Windows, so as soon as it force installed in an itunes update you got fucked.
Amir Khalid
I only ever used Internet Explorer to find and download Firefox on a new PC, and then never again. The guy who sold me this current laptop downloaded Firefox for me so I’ve never had to use it on this machine.
Schlemizel
@CONGRATULATIONS!: BINGO!
Several of the apps I use every day either do not work or at least do not work well unless using IE. How do we allow developers to get away with that crap? Imagine how well facebook or Amazon would do if they said “Sorry, you can only get us to work with IE?
I will do what I have done for the last 4 years, use IE for the things I must & not for anything I don’t have to. Lucky for me my job responsibilities allow me to install Firefox & Chrome, most cnnot.
Schlemizel
@mike with a mic:
Yeah, I got word of a new critical exploit this morning tied to Adobe that hits all browsers equally. Adobe is a major problem as is JAVA, much much much worse than your browser choice and there is almost nothing most people can do about it.
Keep updating & pray that the other wildebeests are slower so the lions take them instead.
Roger Moore
@cokane:
Was IE a good browser before their was competition? When it dominated the market you could usually count on sites rendering correctly, but it still sucked in terms of security and UI. And you were more or less screwed if you used an OS other than Windows.
Davis X. Machina
@srv: They’d boo her if she went.
nellcote
@Davis X. Machina:
or throw shoes.
CONGRATULATIONS!
@Schlemizel: Back when I did software development for the gov, IE (client) and Microsoft (server) were mandated, all the way from the very top. Suspect some folks got a hell of a job for writing that into acquisitions. At any rate, that’s why we can’t have nice things.
Roger Moore
@Someguy:
Opera? Konqueror? Lynx? Telnet to Port 80?
catclub
@CONGRATULATIONS!: “IE (client) and Microsoft (server) were mandated, all the way from the very top.”
This is changing. Our new timesheet entering system [never mind that we were doing paper timesheets in 2014] noted that it worked best on Chrome. I was shocked.
yam
@Roger Moore: s_client to port 443, it’s the only safe way…
Jim C.
@cokane:
Yes, this. I honestly intend no offense, but I’m frankly shocked that ANYONE is still using Explorer these days ever since other, better, options became available a decade or more ago.
Jim C.
@Someguy:
Pale Moon is basically a Firefox clone (or at least it was the last time I used it regularly a couple of years ago) if you want to avoid using Explorer, Firefox or Chrome.
Though given that Firefox fired the bigot, that’s what I’ve continued to use after initially being exasperated about having to decide if I wanted to ditch it or not. I can now use it free of guilt.
Roger Moore
@catclub:
It gets especially confusing when you use web apps written by different groups that each have their own browser preference. Most of the apps we use at work expect IE, and some require it because they use ActiveX controls. But one was set up by an outside consultant and has terrible performance problems with the version of IE on my computer, so I have to use something else.
Eolirin
Here are the details of the exploit. It’s nothing particularly out of the ordinary. Other browsers have had similar issues and this doesn’t even remotely approach Apple’s broken SSL implementation.
I think the proximity to heartbleed is just making people jumpy.
https://technet.microsoft.com/en-US/library/security/2963983
As a side note, enabling EMET prevents the exploit from functioning. http://support.microsoft.com/kb/2458544
IE9+ are solid browsers, on a technical and security level at least (features and UX are much more debatable), and MS spends more resources and focus on security than the other players. It isn’t the early 00’s anymore.
jheartney
@CONGRATULATIONS!:
In which case we are no longer using OSX.
They probably have this bizarre idea that being a computer user shouldn’t require that you became an expert in security.
CONGRATULATIONS!
@jheartney: No, they have an even more bizarre idea that the internet is a playground strewn with flowers and populated by unicorns, and that there could never be any bad consequences to any actions they choose to take.
They’re a lot like children who were taught that it’s totally OK to play on a freeway.
I’m the security expert for my workplace. I would never expect my users to be that. But I do expect that they should know enough to not play on the freeway. And a lot of my Mac users don’t. But after a couple of ruined hard drives, a ton of lost work and some unpleasant conversations with their bosses, they learn.
Villago Delenda Est
@Omnes Omnibus: Reminds me of the absolutely dreadful “Army of One” recruiting campaign. What, they’re trying to appeal to Randian assholes?
Omnes Omnibus
@Villago Delenda Est: I used it as my template. I thought it was a horrible ad campaign. I liked the “Be all you can be” campaign.
another Holocene human
@Roger Moore: ie arrived as competition to Netscape Navigator, actually.
Nobody was interested so they bundled it in basically all PCs sold for a few years and told the feds it was an integral part of the operating system.
The result was 0wnd IE, 0wnd computer. Windows came out with a built in firewall a few editions too late.
What Have the Romans Ever Done for Us?
I work for the federal government, and the only browser on our machines is IE. So, exactly how am I supposed to do all the stuff I have to do on the internet every day (not commenting on BJ – other actual work stuff) and follow this directive?