Even though Microsoft posted a fix the very next day, two more serious
security holes were uncovered at College Park and MIT that could enable
malicious web site operators to swipe files from your hard drive or even
delete files and folders. So Microsoft fixed THOSE bugs too; patch
instructions are at:
http://www.microsoft.com/ie/security/update.htm
Anyway, bugs make people nervous, causing the owners of popular mailing
lists such as tourbus (> 100,000 subscribers) to issue blanket
statements like "Avoid Internet Explorer, Active X, and Java..."
Of course, they also make sweeping generalizations like "tight coupling
with the Windows operating system... [has necessarily caused] other
nasty surprises as yet uncovered."
And of course the Netscape propaganda engine is in full force:
> If there are any lurking IE bugs, chances are pretty good they'll be
> found and fixed within a few weeks. "Netscape NOW!" is more than a
> catchy slogan - it's good advice for the short term.
What about OmniWeb NOW? What about Lynx NOW?
*blink* *blink*
What about AMAYA NOW???????
Dynamic HTML or no dynamic HTML, interactive content sure does still
have a long way to go. Aforementioned article included below for fun.
Adam
> From owner-tourbus@listserv.aol.com Mon Mar 10 22:08:40 1997
> Reply-To: Bob Rankin <bobrankin@mhv.net>
> Subject: TOURBUS - 11 Mar 1997 - IE Bugs and Caffe Lardo
>
> IS THE EXPLORER NIGHMARE OVER?
> ------------------------------
>
> Maybe. But many security experts point out that the Explorer bugs are a
> direct result of this browser's tight coupling with the Windows operating
> system, so there may be other nasty surprises as yet uncovered.
>
> Adding fuel to the fire is the discovery of a security hole in Microsoft's
> ActiveX code just before this recent spate of Explorer bug reports.
> ActiveX is a technology similar to Java which allows a web browser to
> download and execute mini-programs called applets. Both Java and ActiveX
> have been criticized for having the potential to expose a user's hard
> drive to harm or theft of data. (See the TOURBUS issue "Java and Jumping
> Frogs - August 6, 1996" for some background.)
>
> DADDY, I'M SCARED.
> ------------------
>
> So what's a web surfer to do? First step, don't panic - the web is still
> a safe place. Here are a few steps you can take to keep your precious
> data safe from prying eyes and maintain your cyber sanity...
>
> 1) Stay away from Internet Explorer for a while.
>
> Rest assured that a HUGE amount of attention is being given to this issue
> right now, both inside and outside of Microsoft. If there are any lurking
> IE bugs, chances are pretty good they'll be found and fixed within a few
> weeks. "Netscape NOW!" is more than a catchy slogan - it's good advice
> for the short term.
>
> If you think I'm being a tad harsh, or you can't be bothered to download
> Netscape, so be it. Apply the Explorer patches and take your chances.
>
> 2) Stay away from ActiveX and Java.
>
> Sure, this is cool technology - but there are few practical uses, it
> takes a long time to download the applets, and it carries a risk. Let
> this technology mature for a year or so before you gamble on it. Trust
> me, you won't be missing a lot.
>
> You can turn off ActiveX and Java in Explorer by clicking on
> View-Options-Security and then unchecking the appropriate boxes there.
> In Netscape, the place to go is Options-Network-Languages to disable
> Java. Note that JavaScript is safe and quite useful, so don't turn
> that feature off.
>
> That said, I wouldn't be nervous about temporarily enabling ActiveX or
> Java if something really cool beckons at a site you feel is worthy of
> trust. It's your call.
>
> 3) Visit an absolutely silly web site.
>
> A little perspective, folks... The web is a lot of fun, and when you
> pop in to a site like "Caffe Lardo" you just feel better about it all.
>
> http://www.cs.washington.edu/homes/adam/clark/lardo
>
> The Caffe Lardo Expresso Bar and Bakery is a great menu spoof but it
> requires that you visit the restroom before viewing. It's that funny!
>
> See you next time! --Bob
>
> Special Note: To users of AOL, Juno and others who are wondering
> about that funny-looking jumble at the top of each TOURBUS posting...
> It's a BUS! TOURBUS is meant to be viewed with a monospace font like
> Courier or Fixedsys. Try changing your fonts for viewing or printing
> and you'll see what you've been missing. (Unfortunately AOL users
> can't do much about it. If you know of any tricks to force the use
> of mono fonts, please let me know.)
>
> ========================================================================
> Join : Send SUBSCRIBE TOURBUS Your Name to LISTSERV@LISTSERV.AOL.COM
> Leave : Send SIGNOFF TOURBUS to LISTSERV@LISTSERV.AOL.COM
> Archives: On the Web at http://www.TOURBUS.com
> Advertising: Send e-mail to BobRankin@MHV.net for details.
> =----------------------------------------------------------------------=
> TOURBUS - (c) Copyright 1995-97, Patrick Crispen and Bob Rankin
> All rights reserved. Redistribution is allowed only with permission.
> Send this copy to 3 friends and tell them to get on the Bus!
Don't get on the bus. Take a limo instead with FoRK.
----
adam@cs.caltech.edu
Slimy!? Mudhole?! My home this is!!
-- The Empire Strikes Back