Sunday, June 13, 2004

There seems to have been quite a string of Internet Explorer spoofing exploits being released lately, including at least one zero-day (i.e. undiscoverd) being used by scammers. And the latest one makes it even scarier - full-on make-it-look-like-SSL spoofing.

Surely the benefits to a newcomer of IE (e.g. you don't have to install anything) have been so outweighed by the holes in it now (easily spoofed, programs run locally on click, etc) that there is no real reason to NOT tell people to switch to a different browser :) Patches may come out, but beginners tend not to check for them, install them, or know they're there. Plus, zero-day exploits render them kind of useless anyway.

Maybe someone out there sends out a free "alternative software" CD. And if not, someone should. And maybe redirecting people away from a website is a good idea if their software isn't patched ;) (ok, mostly j/k, but I can't think of any easy way to tell people that they're open to abuse...)

No comments: