Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: IE is just as safe as FireFox
From: Vincent Archer <var () deny-all com>
Date: Fri, 19 Nov 2004 17:52:10 +0100

On Fri, Nov 19, 2004 at 10:51:43AM -0500, joe wrote:
Autoconfig script may enumerate hosts which don't require a proxy. 
Usually there are a very few intranet servers in corporate network.

You should have prefixed "there are very few... " with one of two things 

1. Relative to the internet...

2. In my experience...

Well, he did say "usually" :)

This is actually the area where IE is so strongly embedded due to its
application interfaces and what MS has been building towards for so long
with it. If you look at this space and compare how firefox renders/operates
next to IE you will see why many companies chose IE as their official
browser even in the face of having more exposure due to security. A lot of
that depends on how the web site is designed/built but there is a lot of
functionality there that can only be reached (and thereby exploited) on IE.
There are companies whose primary LOB applications internally are on IIS
servers and can only be accessed with IE. In those cases it isn't a simple
pick up and replace the browser scenario. 

Even something as simple as OWA (Outlook Web Access), which is often used
as the main component of the corporate "Extranet" is strikingly different.
OWA looks like an average web app when viewed on a Mozilla or similar
browser. OWA looks almost exactly like Outlook when viewed by IE.

Other apps flatly refuse to work with anything but IE. None of these
are strictly "web applications" anymore - they are applications that use
an UI processor, which happens to be the HTML processor as well.

-- 
Vincent ARCHER
varcher () denyall com

Tel : +33 (0)1 40 07 47 14
Fax : +33 (0)1 40 07 47 27
Deny All - 5, rue Scribe - 75009 Paris - France
www.denyall.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]