Google joins the 'kill-IE6' campaign
Updated: I too have joined the fight. I’ve added a plug-in to this blog to warn users visiting this site using IE6 or an even older browser ( yes, there’s some of the too ) to upgrade immediately due to security risk.
If you’ve followed the Google-China affair, you may have read that the now infamous Microsoft Internet Explorer 6(IE6) browser was the vulnerable component that lead to Google being hacked by parties in China. Microsoft has since urged users to update their browsers. France and Germany even went as far as warning users to choose an alternate browser.
Google has now announced that it will drop support for IE6.
“We’re going to begin phasing out our support, starting with Google Docs and Google Sites,” said Rajen Sheth, senior product manager for Google Apps, in a Friday entry on the company’s enterprise blog . “As a result, you may find that from March 1 key functionality within these products — as well as new Docs and Sites features — won’t work properly in older browsers.” Google Sites is the search engine’s free Web hosting service.
IE6 is the second most popular browser used by users to access this blog. This is a nine year old browser, people. Upgrade today!
|
William J McBorrough is a Security Expert with many years of success Managing, Designing, and Implementing medium and large enterprise Physical and Information Technology Security Solutions. His experience spans the spectrum from small e-commerce start-ups to multi-campus state and federal agencies to global financial sector organizations. He is on the faculty of various universities including University of Maryland University College, EC-Council University, George Mason University and Northern Virginia Community College where he conducts research and teach graduate and undergraduate courses relating to cybersecurity, cybercrime, cyberterrorism, and information security and assurance. He holds a Bachelors of Science in Computing Engineering with a concentration in digital networks and a Masters of Science in Information Security and Assurance. He is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk Information System Control (CRISC), and Certified Ethical Hacker (CEH).He is well versed in personnel, systems and network security risk management. His core competencies include Developing cost effective solutions to enable mission assurance in the following areas: Enterprise Risk Management, IT Governance, Security Organization Development, Information Security and Assurance
|
Related posts:
- Google Informs users of terminination of support for IE6
I received this email from the good offices of Google today: In order to continue to improve our products and deliver more sophisticated features and performance, we are harnessing some... - "Show me the malware"- says Google
A fews weeks ago, I had a discussion with a student who wondered why Google provided you links to malicious sites in its search results. Her point was that Google... - Enter the Dragon browser, the more secure Google Chrome
The open source engine that forms the basis for Google’s Chrome has spawned an ostensibly new browser, Comodo’s cleverly named ‘Dragon’. Internet Explorer might be the most used, Firefox the... - Google Toolbar caught tracking users when 'disabled'
Does anyone doubt that Google’s ultimate goal is nothing less than world domination?? That’s besides the fact that the concept of “privacy” on the Internet is a myth. The sooner...
Where I used to work, (we supported two countries, an entire franchise), 70% of our Servers (Terminal Servers) had IE6.
I almost got fired for upgrading 60% of the servers to Internet Explorer. In the same meeting I quit, as a Security enthusiast, I couldn't work under those conditions. This happened just over 2 months ago.
Thanks, Valm. I will certainly add this plugin.
Sometimes there are business decisions preventing such an upgrade. For example, if there are business critical applications that are compatible either with IE6 and not more recent versions of the browser. Depending on the cost of such an upgrade, management might decide to accept the risk of continuing to use a older, more vulnerable browser.
Now for a company whose business is amassing sensitive data of others ( i.e. Google ), continuing to use IE6 is inexcusable.
I'm talking about sensitive data, 10s of thousands transacted per place (hundreds of 'places')
I agree with you but most large organizations treat security as overhead and only put controls in place when they are forced to. I'll bet if one of their servers got hacked due to an IE6 vulnerability, they would think twice about upgrading. My point still stands that a cost/benefit analysis will have to be done and sadly, some some organizations may still find the running thousands of systems with IE6 is an acceptable risk versus the cost of upgrading.
The problem with this particular organisation is they had neither the advantages of little to no security nor did they have the advantages of high security.
They had the WORST of both worlds, if you see what I'm getting at.
(0 updates, 0 programs installed, hardware=terrible, products=overpriced, warez=true, project time=350*amount it should)
Did you have a CISO or Security staff ? I'm guessing not.
I'd be interested to know how you made the case for the increased security measures you wanted to take. Did you explain the obvious benefits? Sometimes management has to be led.
I explained the obvious benefits of both designs, and informed them of how there current design wasn't taken advantage of either.
(High-Security, Low Security | Forest/Tree Architecture, Standalone Architecture)
I gave them so many suggestions on how to fix the issues, that I was disallowed from sending ANY suggestions.
Which is the main reason I left.
Sounds like a no win situation. Sometimes only a major security breach can jar folks into action.
To be honest, I’d be surprised if even a breach would knock sense into them…