RadioRadio
Tuesday, September 3, 2002[2:50:24 PM]
Have you patched Windows today? Oops! There's no patch:
"Starting immediately, all e-commerce sites have a duty to warn vulnerable IE users to switch to another browser for sensitive transactions." -- Brian Livingston [infoworld.com].
Also note that putting the SSL functionality into the operating system is the reason this is a problem for Microsoft. KDE fixed the same problem in a day. And merging web browser features with the operating system was done specificly with the intent of destroying a well-funded competitor (Netscape). Thus a security flaw that will be very hard to fix was imposed on their customers by a monopolist to use their existing monopoly to drive a new competitor in a different market out of business.
Bring us their heads!
And if you run an ecommerce website and *don't* warn your customers against using Internet Explorer, you should first determine that you are willing to risk bad will, bad publicity, and law suits. It would be extraordinary negligence to claim that the transaction is safe when, in fact, you know that it is not.
© Copyright 2002 john robert boynton.
Last update: 10/8/02; 11:16:29 PM.