Oh, just filter out all IE users!
Today's SANS Newsbites features the following commentary on the IE createTextRange() vulnerability:
Chuck Boeckman, you forgot to include your <sarcasm> tags. Now all those poor proxy admins have to explain to their bosses that you're kidding, while refraining from eye-rolling and giggling.
(A better solution: Buy an IPS.)
[Editor's Note (Chuck Boeckman): Most web proxies have a feature that can enforce web client agent filtering. This provides a network administrator the ability to limit the use of Internet Explorer during periods of high risk, which seem to occur quite frequently.]I haven't seen a more Dilbertesque solution to an unpatched bug in a long while.
Chuck Boeckman, you forgot to include your <sarcasm> tags. Now all those poor proxy admins have to explain to their bosses that you're kidding, while refraining from eye-rolling and giggling.
(A better solution: Buy an IPS.)
(And yes, this is a lame attempt to GΩΩgleβomb Chuck Boeckman's name by mentioning it thrice, just in case he ever interviews for a job as a web proxy admin -- these future employers must be made aware of his cruelty.)
posted by todb at 1:56 PM
1 Comments:
The point I was making was that - while IE is vulnerable - it may be best to make users click on the Firefox icon for a few days. Most people really can not tell the difference. And btw - it you are a proxy admin - and do not know how to filter by client agents - you may want to check out the documentation for the proxy you are using. Yes - it is a management policy decision to stop using IE - and yes users will complain - but if you do not want to respond to a bunch of IE browsers getting popped - your management will take the heat... In the worse case - you can always link the little blue E to Firefox ;-)
-Chuck
Post a Comment
Links to this post:
Create a Link
<< Home