Slashdot Mirror
State of Colorado Calls Firefox Insecure, IE6 Safe
linuxkrn writes "The State of Colorado's Office of Technology (OIT) has set up a work skills website. The problem is that the site says 'DO NOT use FIREFOX or other Browsers besides IE. It has been decided that Mozilla based, non-IE browsers pose a security risk.' (Original emphasis from site.) If the leading IT agency for the State is making these uneducated claims, should the people worry about their other decisions?"
Email:
oit@state.co.us
Phone:
303-866-6060
Fax:
303-866-6454
US Mail:
Governor's Office of Information Technology
1580 Logan St., Suite 200
Denver,CO 80203
Actually the site doesn't work whether you're using Internet Explorer or Firefox. It looks worse with Firefox because they are using some of the non-standard display tags that cause components to overlap if using a standards compliant browser. Regardless of the browser used, the result is the same: failure.
http://www.colorado.gov/cs/Satellite?c=Page&cid=1165692953912&pagename=OIT-New%2FOITXLayout
oit@state.co.us
-- There is no truth. There is only Perception. To Percieve is to Exist.
It's not being run off someones desktop - the developer in question forgot to turn debug symbols off. Debug symbols in .NET include sourcecode filenames and line numbers on Windows.
#!/bin/csh cat $0
Relevant text in case of site slashdotted:
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta name="GENERATOR" content="Microsoft FrontPage 6.0" >
<meta name="ProgId" content="FrontPage.Editor.Document" >
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252" >
<title>Welcome to The Colorado Department of Labor and Employment</title>
<link rel=stylesheet href="/commoncomponents/contentstyles.css" type="text/css">
</head>
I can't believe you don't know what a Hasemalphaginnojinglanaporphomism is.
Contact information is here. Don't try to contact them using the link in the summary, it doesn't work.
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
Secunia states that Firefox3 has less critical issues:
http://secunia.com/advisories/product/19089/
While IE6 and IE7 have moderate problems. Making IE less secure:
http://secunia.com/advisories/product/11/
http://secunia.com/advisories/product/12366/
Firefox3 also has only 1 issue unpatched, while IE6 has 22 open issues.
It used to say:
It looks like they removed the message about Firefox being insecure. Google doesn't have a cache of the page, but you can see it in the summary:
http://www.google.com/search?hl=en&q=http://www.coworkforce.com/Skills/myskills.aspx+Firefox+security&btnG=Search
You can clearly see the text: "DO NOT use FIREFOX or other Browsers besides IE. It has been decided that Mozilla based, non-IE browsers pose a security risk."
Javascript + Nintendo DSi = DSiCade
These can be insecure. In fact, some were designed as trojans. See the Vladuz saga, who cracked eBay site admin accounts - in part through a Firefox plugin designed to this purpose, and hosted on the firefox plugin site!
When any goof startup can create social-network connectors or picture-browsing extensions, Firefox abdicates a good part of its inherent security advantages. Use these at your own risk. We won't touch FF privacy concerns with the Google relationship, and how hard it is to keep FF from reporting to GOOG as a default. IE is as bad with their parent.
I do think the warning about FF IS misplaced. Our biggest current risk is simply the Adobe PDF file-format. You don't even need to OPEN the file to execute code! Whee!
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
The Colorado Departent of Labor and Employment regrets that this service is unavailable at this time.
(We like Firefox too...and safari.....and chrome...)
Its pretty funny what a good slashdotting will do.