IE 6 & 7 Unpatched Exploit Goes Wild 149
Kolargol00 writes "Heise online reports the availability of an exploit (Google translation) for the yet-unpatched MSA-981374 affecting Internet Explorer 6 and 7. It has already been spotted in the wild by McAfee and integrated into the Metasploit Framework."
Serves the noobs right (Score:5, Funny)
Re: (Score:2, Funny)
Re: (Score:1, Offtopic)
I use Mosaic [seanm.ca].
Re: (Score:2)
Still running WorldWideWeb.app [w3.org] here you noobs...
Re:Serves the noobs right (Score:4, Funny)
ME TOO!!!
Re: (Score:3)
A/S/L?
Re: (Score:2)
Personally, I just poke a stick in my eye and listen for new rattlings in the tin-can-on-a-string.
Re: (Score:2)
I like Firefox with all plugins running on Vista, but whatever bloats your foat. [urbandictionary.com]
Re:Serves the noobs right (Score:5, Funny)
Comment removed (Score:5, Interesting)
Re: (Score:1)
This drives me crazy. We have several mission-critical apps (via 3rd parties) that REQUIRE IE6 or, in some cases, IE7. It's frigging ridiculous, but there's not a lot we can do about it. (I work for a small company, 1 department uses a program that requires IE6 and IE6 alone. To change off it would cost hundreds of thousands of dollars. It's flat-out retarded, but we deal with it because we have to.
Re: (Score:3, Insightful)
"but there's not a lot we can do about it."
Bullshit - ditch the slacking fuckwits and build it yourself in-house.
Re:Serves the noobs right (Score:5, Insightful)
And before you point out "To change off it would cost hundreds of thousands of dollars." just bear in mind all it takes is me doing one right thing and that hundreds of thousands of dollars in fixing your shit just got turned into multi-million dollar losses because you refused to ditch the slacking bastards and get your own shit sorted out.
Re: (Score:2)
Re: (Score:2, Troll)
by Khyber (864651) writes: Alter Relationship
"but there's not a lot we can do about it."
Bullshit - ditch the slacking fuckwits and build it yourself in-house.
-- Deep Water Culture Made Easy - http://ledkitsune.livejournal.com/ [livejournal.com]
*
*
Re: (Score:2, Insightful)
by Khyber (864651) writes: Alter Relationship
And before you point out "To change off it
Wow. Both troll and insightful. I think you hit the slashdot jackpot.
Re: (Score:2)
As soon as I saw both moderations in my e-mail, I couldn't stop laughing. I'm an insightful troll, am I?
Re: (Score:2)
Re:Serves the noobs right (Score:5, Interesting)
Deploy IE6 with Terminal Services for far less than $30,000. Configure it to only talk to the the authorized applications. Deploy any browser you would like to the desktop.
Where do I send my bill for solving your problem for less than "hundreds of thousands of dollars"?
Re: (Score:3, Informative)
Re: (Score:2)
I work for a huge company and we've got some IE6-only software here. The IT guys say "[Beardo], we know. We can't do anything about it."
I'd really like to know what the software is.
Re: (Score:2)
How do the IT guys there pronounce the braces? Ours have trouble, so if you have tips or some exercises I'd love to pass it on.
Re: (Score:2)
I know that you're probably being funny, but since you might only know Internet English, here we go:
When quoting someone, if you want to change part of the quote for clarity, you put the part that you're changing in square brackets. If you are cutting out part, you use an ellipsis.
So the quote, "he has a lot of posts, notably on Slashdot, and about all manner of non-work topics, and for that we can see his productivity is lower than optimal."
can be changed to, "[Beardo] has a lot of posts, notably on Slashd
Re: (Score:2)
[Beardo],
You are far too kind and considerate of an internet poster to be a real person, and while your normal strategy is to communicate in succinct and straight-to-the-point posts with high information density, you exceeded your average words-per-post count by a large margin by using an uncharacteristically redundantly styled example to help a fellow netizen who is also a likely, as you have observed, jester.
You sir, have earned a laurel, and hearty handshake. I dub thee *sir* Beardo the Bearded, and beq
Re: (Score:2)
I would clearly and calmly present the risk and the cost. Who is going to own cleanup if there is an exploit? Where will THAT money come from.
Remember that managers are there to solve YOUR problems, in theory anyways. They help keep your plate clean so you can focus on task. Present the risks, and let them own this issue and whatever the outcome is you did the right thing.
You might simply protect yourselves by forcing the IE6 and IE7 systems to use a web proxy that DOESN'T allow outside Internet access.
You
Re: (Score:2)
Whoever is in charge of your main IT department should be fired. Out of a cannon.
Re: (Score:2)
Bonus points if you fire the person out of a condom.
Re: (Score:2)
Whoever is in charge of your main IT department should be fired. Out of a cannon.
We could finally find out what happens when an infinitely dense (i.e. unstoppable) skull meets an immovable brick wall!
Re: (Score:2)
Ah, but if you do that you may not be able to find a replacement manager of the same caliber.
Re: (Score:2)
Yes, but if you find someone better, you'll be getting more bang for your buck!
Re: (Score:2)
The other day, someone was asking about moving to IE7 because some sites, including our credit union, would soon end support for IE6. The response was that 1: The web people haven't tested our apps yet, and 2: What testing they HAVE done indicates the apps will break under IE7.
*sigh* Either way, we're screwed. :P
Re: (Score:2)
I'm assuming your web people have other things to do since, according to Wikipedia (http://en.wikipedia.org/wiki/Internet_explorer#Internet_Explorer_7):
That sort of seems like ample time to test all of your apps with it... IE8 has only been out for about a year now so maybe they can get some slack there.
Will they start testing with Firefox 2 soon?
Re: (Score:2)
Did you try hitting F12 and change the compatibility mode ?
For example, Virtual PC does not work in IE8 mode, and this is the only way to make it work.
Re: (Score:2)
You damned kids and your newfangled toys. I telnet straight to port 80 and read from there. Damn I hate all these new tags. It was so much easier when folks just wrapped a text file in PRE tags.
Re: (Score:2)
Telnet?! I pipe it all through netcat!
Re: (Score:2)
You are making it sound like a lot.
Re: (Score:2)
Well, let’s see.
For $999, I can get a MacBook [apple.com] with:
- 2.26 GHz dual-core Intel processor
- 13.3” 1280x800 display
- 250 GB 5400 RPM hard drive
- 2 GB of RAM
- NVIDIA GeForce 9400M with 256MB shared memory
- 2 USB ports, gigabit ethernet, mini DisplayPort
Or an HP laptop [hp.com] with:
- 2.4 GHz dual-core AMD processor
- 17.3” 1600x900 display
- 500 GB 7200 RPM hard drive
- 4 GB of RAM
- ATI Mobility Radeon HD 4530 with 512MB dedicated memory
- 4 USB ports, gigabit ethernet, HDMI, VGA, 5-in-1 card reader, eSATA,
Re: (Score:2)
Re: (Score:2)
Because macs don’t need antivirus... oh wait.
Besides, I’m a geek. I like fiddling with my computer. I’d rather fiddle with it myself than spend an extra few hundred dollars to have it set up already and I can’t change much of anything.
Re: (Score:2)
I’d rather fiddle with it myself than spend an extra few hundred dollars to have it set up already and I can’t change much of anything.
You obviously have never used a Mac. Why don't you look up MacPorts or Fink and see how a very large number of *NIX utilities / apps are available on the OSX platform. While individual Apple software may require you to do something a certain way (just as Microsoft's Outlook / Outlook Express requires you to do something a certain way, for example) there are plenty of 3rd party apps available. Burning disk images for instance has SimplyBurns, Burn, Toast, Disk Utility etc etc. It's your choice depending on w
Re: (Score:2)
You seem to think I spend a lot of time maintaining, updating, or patching my Windows computer. I don’t.
My previous computer was running Windows XP SP3 with no antivirus. The one or two times I got a virus I immediately knew (once, the standard Windows firewall detected it) and manually removed it, which didn’t take long. (And yes; I ran a few scans every now and then to make sure it hadn’t picked up anything that I didn’t notice.) I re-installed Windows twice, I think... once, the o
...and? (Score:1, Insightful)
there will always be unpatched exploits for OLD and OBSOLETE software.
Re: (Score:2)
there will always be organizations who are too large to easily upgrade anything, even something as simple as a browser version, without it cost a ton of money. If you are well prepared and organized I am sure its not that bad, just time consuming, but for many companies, IT sucks hind tit and doesn't get the money, personnel or resources it needs to do something like a system wide upgrade - they exist on the bare minimum required to operate.
And there will always be users who buy a computer and treat it like
Re: (Score:2)
Re: (Score:2)
Unpatched exploits for COBOL?
I'm safe. (Score:5, Funny)
Re: (Score:2, Informative)
http://www.h-online.com/security/news/item/Exploit-for-new-IE-hole-952183.html [h-online.com]
English version of the report.
tough titty says the kitty (Score:1)
Time for some to upgrade, then.
Re:tough titty says the kitty (Score:4, Informative)
Most companies still using IE6 or 7 cannot.
Usually you're facing a scenario akin to this: Some external company created a mission critical web applications. Of course a web app had to be it, because it saves you a lot of dough because you don't need to create a frontend, it's already there! You also don't need to roll out anything, it's already part of the system!
Since MS cares really much (/sarcasm) about standards, you had the choice: Doing it for IE, or for the rest. Since IE is part of every Windows installation, and you didn't want to roll out a frontend in the first place (remember, paradigmas are to stick to, even if they become a problem, else your boss might ask "why did you want that in the first place?"), you will create that frontend for IE. IE 6 orIE 7, to be exact, because they, too, are only kinda-sorta compatible to each other.
Fast forward to the present. The company that made your mission critical application already overstepped its allotted budget by about twice its size and is still busy fixing the odd bugs... provided the company still exists, that is.
Are you the one going to your boss telling him that they should stop fixing bugs now and migrate the behemoth to IE8? He will ask for the reason. You tell him about the security problems. He will laugh at you and call you a scaredy-cat.
That was the moment I quitted my well paid CISO position. It became too much of an ejector seat to be comfortable anymore.
Re: (Score:1)
This is fairly easily solved by using IE 6 or 7 to access those apps and using a current browser for everything else.
Re: (Score:2)
Oh yeah, and your employees will certainly heed that. They know the internal app works with IE6, and they have to learn using that, so they will use it for everything.
Re: (Score:2)
IE8 has an IE7 mode for backwards compatibility. ... Another alternative is installing some other browser (e.g. Chrome or Firefox) for external sites, and leaving IE6 or IE7 for intranet.
Re: (Score:3, Insightful)
Re: (Score:2)
Yes, it's possible to create something that works in all servers. Problem is, the application does already exist and it does not work too well in IE8. Yes, even in "compatibility mode".
Quick Reaction Times (Score:3, Funny)
Re:Quick Reaction Times (Score:4, Funny)
They are doing all of us webmasters a huge favor, by hasting the long overdue demise of MSIE6
Who are the asshats? (Score:2, Insightful)
Why can opensource developers fix issues so quickly when a billion dollar company can't? Why is this code that the developers were paid very good salaries to develop, on which the company made billion of dollars of profit, so insecure that it keeps turning up vulnerability after vulnerability?
Maybe when you car door keeps popping open and therefor people steel your car, it is time to stop blaming the thiefs and start to talk to the car maker.
IE is a joke, so punch the clowns that made it.
Re: (Score:3, Insightful)
I'm not knocking MS
When they know about an exploit and don't patch it until some black hat uses it, they deserve to be knocked, as does any other software company that acts like that (say, Adobe).
Before anyone nags about Metasploit... (Score:4, Insightful)
I wish it could be used for good (Score:2)
to force stubborn IT departments into upgrading their enterprises' PCs. There's lots of them that keep a vast array of zombies with IE6 installed just because they fear anything else will be incompatible with their intranet software.
Re: (Score:2)
corporate ie6 users don't let their browse the rabid filled web from their internal network. Somehow people think the only way to use a browser is if it's directly accessing external websites.
Re: (Score:2)
"corporate ie6 users don't let their browse the rabid filled web from their internal network."
Bullshit. Flextronics, Solectron, Hewlett-Packard, ALL of them allow browsing on the internet with IE6 to non-work related sites.
Re:I wish it could be used for good (Score:4, Insightful)
Since I have been that "stubborn IT department" for a sizable share of my life, mind if I defend myself? It's not the IT guys that refuse to upgrade most of the time.
Unless you're a tiny company with 20 employees, upgrading to another browser is not a trivial task. And I'm not even talking about installing the new version. That actually IS trivial. Any sensible company of halfway decent size already has automatic overnight rollouts in place. If they don't, well, tell me the name and I know what shares to sell quickly.
The problem is not a technical one. It's a compatibility nightmare. You might know that IE6, IE7 and IE8 are not really 100% compatible to each other. Sure, the differences are subtle and often consist of "one more click here", but I'm sure you also know the average company user: The moment his computer does not work EXACTLY as he is used to, it is "broken" and he will refuse to do anything anymore before IT comes down and "fixes" it. And no, sending out instructions how to work around the problem 'til the fix can be applied do not work. Never have, never will.
It's not IT that stalls. Actually, it's mostly a battle between CTO and CISO. The CTO fears incompatibilities, the CISO security breaches. It's easy if the company decided to roll them into one position (because, frankly, a CISO... what does that guy do except look scared all day?). Then you just find one person hanging on a rope somewhere in a basement instead of two guys in suits duking it out in the server room.
Just do your fucking job for once (Score:5, Insightful)
We are talking IE6 here, it is a decade old by now. Do you still use 10 year old PC's? Do you use 10 year old cars?
Oh, you yourself might not be the problem, the real issue is IT management who keeps trying to cut costs by going for the lowest support contract and guess what costs the least to support? NO.
That is it, the word NO is simplest.
"Can I get an open port to SSH to our external servers?" "NO" Time spend: 0.5 seconds.
"Can I install software X that I do actually need?" "NO" Time spend: 0.5 seconds.
"Can I get a license for virtual window machines so I can test software in a safe environment?" "NO" Time spend: 0.5 seconds.
"Can we upgrade our software at least with in say half a decade of release so we are not completely behind the times?" "NO" Time spend: 0.5 seconds.
The problem is very simple, it is a constant cost factor to keep up-to-date. New versions are released so often after all, nearly every 2-3 years. Who can keep up? And it is oh so tempting to skip an upgrade. Why do all the compatibility testing during the beta and release candidates of a new product when you can let everyone else test it for you? Because sherlock, that doesn't test it for you. And that is the testing you need. So you save some money now, but are building up the future migration costs, till those costs become so high that you can no longer afford them no matter what.
It is all about budgets and promotions, you get promoted for keeping you budget low this year, and by then it is the next guys problem if he inherits the hidden costs.
And all because people have become more interested in management then actually doing their job. Because those incompatibilities between IE versions? Those are your fucking JOB. That is why you are paid system monkey, to sort these things out. What next? A car mechanic explaining why he hasn't replaced the brakes on a vehicle that crashed because it was such a hassle and they were covered in dirt and he just didn't want to get his hands dirty? That is exactly what you are saying. Oh my job is so hard, I can't be blamed for not doing it.
Sadly, big companies seem to attract your kind, who is more interested in their performance rating then actually just doing their fucking job. If I let my servers get so out of date they are hacked, well my customers kick me very very hard. I make sure to keep up with the alpha and beta's so that I know the issues with a new release, know the developers know them and can fix them and then am ready to implement them, so that at least then when a problem hits, I don't first have to upgrade several releases in order to not find every issue with a "solved in version X". And you know what, by staying on the edge, you often beat the bad guys. They after all are aiming for the largest mass, and the largest mass is guys like you who can straight faced give an excuse for running a decade old browser.
Really, how can you standup and claim your earned your keep when you still haven't managed to retire IE6. Do you still have a punch card reader for that essential piece of accounting software? Still use floppies because you might need one? Have word perfect installed for an old word file? No? You upgrade stuff like that? Then why does the browser, a piece of software that by its nature faces the whole nasty outside world, not get updated?
Yeah yeah, legacy system needs it. No it doesn't because such systems should be upgraded as times change. You aren't still running windows NT 3.5 are you?
Frankly, I see this problem far to often. You get asked to work on a problem and then find the software is several releases out of date and then have to find a way to bill a client for essentially doing what their own admins should have done. Admins are to afraid of having to say to their boss "why yes sir, the system is running perfectly but I still need resources to make sure it keeps doing that in the future" and developers are more interested in chasing glory then keep their past projects maintained.
Re: (Score:3, Insightful)
We are talking IE6 here, it is a decade old by now. Do you still use 10 year old PC's? Do you use 10 year old cars?
Firstly, many, many people use 10 year old cars. Not as many use 10 year old computers, I grant you, but cars can last for 30-40 years or more.
Secondly, IE6 is only a tad over 8 years old. It came out in the latter half of 2001.
Really, how can you standup and claim your earned your keep when you still haven't managed to retire IE6. Do you still have a punch card reader for that essential piece of accounting software? Still use floppies because you might need one? Have word perfect installed for an old word file?
I've worked for very large companies before. And yes, punch card readers are still used in some industries. And yes, floppies are still used. And yes, Word Perfect is still used.
Big corporations don't work the way you think they do. Most of them make money by, oddly enough, not payin
Re:Just do your fucking job for once (Score:5, Insightful)
Excuse me? Did something crawl up your rear and die there or why the hostility?
Here's your environment. It's not made up, it's real. I can vouch for that, I was the CISO for that environment for about a year.
You have: A mission critical web application, written for IE6. Not only for you but also for 8 sister companies that have equal share in pay (and say) where this application goes. A staff of 200 people (in your company, not counting the sisters) used to this application, each and every one of them having limited to no computer knowledge out of what they have been rote-trained to. A boss whose primary concern is to keep things running who does not believe you when you "scare" him with security threats (i.e. when you're doing your job). On the up side, you have near limitless funds at your disposal, but they have to pass boss-approval.
What do you do? Suggest an immediate upgrade to IE8? No-go. It breaks the mission critical application. Suggest bringing the app up to speed? Takes time. First to assemble the CISOs and CTOs of the other sister companies, then piss away a few meetings and lots of time trying to figure out who pays for the shit (remember, you have limitless funds but still have to pay less than the others. It's a prestige thing that you shift the cost onto the sisters). But hey, you get to spend lots of time traveling and living on company expense! So you can imagine that some of the CISOs/CTOs you're dealing with are not too keen on ending this any time soon, even if you are. You can NOT push forwards alone, because the app has to be compatible across companies (they basically use the same database backend and any minor inconsistency results in a disaster, effectively shutting your operation down, making the evening news and ensuring you won't work in any position anymore that doesn't end in "want fries with that?").
Btw, telling anyone that the security hole is a problem gets met with laughter.
Welcome to the world of CISOs. The comic foil in the C?O world.
Re: (Score:2)
I don't understand the problem here. Why not keep using IE6 for the one application that requires it, but have a modern browser on the same computer for everything else?
Re: (Score:2)
I don't understand the problem here. Why not keep using IE6 for the one application that requires it, but have a modern browser on the same computer for everything else?
You're assuming that the user base is smart enough to be able to know when to use which browser when most of them are still confused about why the the cup holder open button is labled "eject".
Re: (Score:2)
You would have to set the outside browser to use a proxy and set the firewall to redirect outbound non-proxied traffic to a "wrong browser" page.
Re: (Score:2)
Fire the incompetent morons who wrote said application in the first place. That's a start, at least.
Re: (Score:2)
See, that's your real problem: whoever bought that application, in the first place, should be fired. When you're buying a web-based application, you make sure it works on every browser you can get your hands on. If it doesn't, DON'T BUY IT. That's what capitalism is all about. As long as people keep buying sub-standard software, developers will keep selling it and trapping people like you, in the process.
Re: (Score:2)
Unfortunately, the limitless funds do not allow you to turn back time and change the past. You're in the here and now. And you have to deal with what you got.
Sorry that you get the brunt here now, but I'm sick of all those "And here's your problem: You should have..." answers. Maybe I would have. Unfortunately, either I get called when the train wreck already hit the wall or the carefully laid out plan you might have gets axed because some buttkisser found a way to "do it cheaper" and "get the same results"
Re: (Score:2)
I suppose I can't argue with you there, but that mistake could easily have been avoided by anyone with half a brain, even as much as 10 years ago. While I'm sure someone will try to tell you "hindsight is 20/20", sorry, that's BS, in this case.
That should be plenty easy, now.
Re: (Score:2)
10 years ago I was in a very different position, and so was the world. Security wasn't as big an issue as it is today (back then, you could even sensibly consider me too scared, today I'm honestly wondering if I'm scared enough). Yes, from the point of view, today, it is totally idiotic to write it that way, but I can only speculate what led to this decision. I'm not so sure it is as clean cut as you make it.
And I'm not so sure either that this problem is something that lets you easily convince a manager th
Re: (Score:2)
> When you're buying a web-based application, you make sure it works on every browser you can get your hands on.
_Every_ browser? seriously? Then we'd have to ditch this newfangled web thang and go back to VB-style client/server apps.
We do test for IE7 and Firefox, and are currently testing and deploying IE8. Chrome still has loads of site-compat problems. Opera has really improved over the years, but even with the latest 10.5 version things remain broken, even on well-trafficked public sites like Google
Re: (Score:2)
Is it just me, or do a lot of these exploits bank on the fact you have ActiveX enabled for most/all sites?
I figure a computer running IE6 will be more secure if ActiveX is enabled on a site-by-site basis AND if ad-blocking is done to prevent most malicious code from slipping through via other methods.
Re: (Score:2)
It's one thing if you have inherited the situation. The time to solve this problem was when the apps were being deployed in the first place. It was possible then to design them using the subset of HTML that worked everywhere. Anything HTML designed that way then works find on any of the modern browsers now. The update to the latest IE, Safari, Firefox, whatever would be trivial.
Failing that, a solemn agreement that you could have the head of whoever vetoed the above on a platter if it ever became a problem
Re: (Score:2)
I was actually cooking up a stink about wanting that idiot's head on a platter, until a kind soul informed me that it might be unwise to want that, considering just who was the head cheese in the decision making back then.
It's a real career stopper 'round here to piss on people who could axe you...
Re: (Score:2)
The last reason why most companies use IE is support. You may like that Firefox auto updates, but for locked down boxes this isn't good. Why oh why won't firefox install an update service that could run as a power user. Another thing that could get users off.
++ this. In my workplace, the issue of Firefox has come up multiple times and each time the answer is 'WHEN there is a way of centralling updating it each time a patch comes out and not before'.
I think the answer is going to be 'write a batch/AutoIt3 file to manually script a full install for every patch release', which is not terribly ideal. Compared to WSUS which Just Works and the users never notice.
Firefox guys, PLEASE provide a central update patching service that integrates with Active Directory. Unti
Re: (Score:2)
I can't help with the AD part, but here's your central patching service:
for host in `cat /storage/enterprise/Workstations.txt`; do ssh root@$host "yum -y update"; done
done :)
Re: (Score:2)
Urmmm, you do realize that ActiveX is WHY IE has such a checkered security history. It's part of the problem, not part of the solution.
Some of your arguments suggest being stuck with IE, but don't explain the persistent refusal to upgrade to a decent(ish) version of IE.
Re: (Score:2)
Also, you can rant all you want about IE6, and I'll mostly agree with you, but this exploit also affects IE7, and that's not nearly so old.
Re: (Score:2)
My car is over 7 years old, and still going strong. I'm sure the hardware at work isn't 10 years old, but I just recently upgraded from 10 y/o software to 5 y/o (SQL 2000 to SQL 2005). IE6 is hardly the only "old" software we use.
Re: (Score:2)
Do you still use 10 year old PC's? Do you use 10 year old cars?
PC? Not quite, but getting there - 8 years, I think. When were 1 Ghz Athlons and 20 GB IDE HDs in vogue? Cos that's what I'm still using as my primary Ubuntu box, and it works just fine thanks.
Car? Definitely yes.1988 Mazda, runs as sweet as the day it was assembled.
Microwave? Mid 1980s.
Washing machine? 1970s model, still works fine.
Noticing a pattern here?
Re: (Score:2)
While I'd like people to mod you up, I feel that, for full disclosure, I should point out:
Yes.
I have two cars. One is 11 and the other is 16.
Re: (Score:2)
The problem is very simple, it is a constant cost factor to keep up-to-date. New versions are released so often after all, nearly every 2-3 years. Who can keep up?
Hello Mr Dark Ages Guy!
eix-sync && emerge -auDNtv world # note: no cost involved.
Welcome to the 21st century!
Re: (Score:2)
Do you use 10 year old cars?
Well... yes. What else would I use? The only realistic alternative to using a 10+ year old car is to not use one at all.
With new cars being priced such that only the very wealthy can afford them, the second hand market is several times larger than that of the new car market.
Generally one can buy say a 10 year old car (maybe 8-9 years if one finds a bargain) and run it for a further 5-10 years. Mind you, I'm talking Japanese cars here. American cars might be somewhat... diffe
Re: (Score:3, Funny)
WTF?
YES! At my mid-sized company, we continue to use innumerable PCs which are far more than 10 years old. You think IE8 runs on Windows 98?
Incidentally, my PCs at home are also getting close to 10 years old, now:
100MHz firewall/router which consumes all of 7 watts.
1.2GHz Duron as my desktop, which I dare not replace for the immeasurable difficulty in finding a new system that fully supports
Re: (Score:2)
Then you just find one person hanging on a rope somewhere in a basement instead of two guys in suits duking it out in the server room.
Let's get ready to rummmmmmbbbbbbbbllleeeeeeeee!
Re: (Score:2)
Remember all those years ago when the idealists in LaLa land said it will be important to stick to the most basic and universal features of HTML and never ever do things that require special tweaks that just happen to work on one particular browser?
They suggested keeping the look and feel of all those web apps simple and functional.
Now you know why they were absolutely positively right!
Too bad that the crowd that wanted the sleek corporate look using all the tricks in the book won the argument!
Re: (Score:2)
The kicker about it is that the app actually looked as slick and comely as a mule's ass.
My guess, after perusing the code a bit, is that this was the outfall of the dot.com wake, when our adult education programs pumped out web designers, out of courses that were for some mysterious reason often sponsored by a certain big company based in Redmond. Call me a conspiration theorist, but I have this hunch that those courses were stacked towards teaching stuff that only works on IE...
Re: (Score:2)
Not just "fear". The IT department at my company has tested, and they KNOW anything newer than IE6 is incompatible with a decent array of intranet applications, including the company intranet (which was built on a commercial CMS that has since folded, so all that information has to be moved to a new CMS). They've also had to go out and find the usual rash of departmental applications that people wrote in Excel with VBScript, or Access, with a FrontPage front end, and figure out how many of those would sur
Re: (Score:2)
You know that 'crazy' guy who said those apps made him sick and who went on and on about appropriate standards, avoiding fads and all that rot? The one who said that IE only should be an absolute disqualification? The situation you outlined is what happens when you ignore him and buy whizz bang apps that get really picky about which exact browser you use.
I know such guys were out there back then, I was one of them. Nobody who listened to me back then has your problem now.
Re: (Score:2)
So was I, for the record. But that was many moons and several companies ago. And the shop I worked for back then has the same problem.
Sample 'sploit code? (Score:2)
They use IE, do you think they care? (Score:5, Funny)
If you are still using IE, then a mere goatse is not going to change your mind.
Re: (Score:2, Insightful)
It's great to know not to use IE if you're supporting yourself and your parents. It's a completely different world when you're supporting an entire organization.
Re:Internet Explorer and News for Nerds (Score:5, Insightful)
It's great to know not to use IE if you're supporting yourself and your parents. It's a completely different world when you're supporting an entire organization.
In that case, it's not like you can do anything about it anyways. If you had the power to change that, hopefully you would have done it by now.
Re: (Score:1)
The problem is not that the "helpdesk" people are stupid, it's that in a lot of cases, the companies they do business with have "extremely important programs" that are used constantly that REQUIRE IE6 or IE7. I don't do helpdesk work, but I do help out from time to time in my small company. Everyone here just about uses FF for everything they can, and use IE when they absolutely have to.
User education is important. It's simple, just tell them "to be safe, do any non-work related surfing (let's be honest,
Re: (Score:1)
Um, I would say, if you're supporting an organization, you should definitely know that it should have switched away from all version of IE years ago.
And if you have internal software that requires the use any version of IE, what steps have you taken to make it work with other browsers that at least aren't the main focus of widespread internet attacks. And the same goes for Adobe's push I remember reading about a couple years ago for trying to get enterprises to build their internal apps in Flash instead of
Re: (Score:2, Informative)
And I missed including the obvious extension to this, namely, you would be transitioning your company off Windows software, which is the most attacked software in the world.
Other OS's may be equally or more vulnerable, but no other is more exploited than Windows.
Re: (Score:2)
What organization do you support? What apps are your users using? When was the last time an IE exploit caused problems for your organization?
It's really easy to throw around the word "should". What's the reality of your day to day situation?