Slashdot Mirror


State of Colorado Calls Firefox Insecure, IE6 Safe

linuxkrn writes "The State of Colorado's Office of Technology (OIT) has set up a work skills website. The problem is that the site says 'DO NOT use FIREFOX or other Browsers besides IE. It has been decided that Mozilla based, non-IE browsers pose a security risk.' (Original emphasis from site.) If the leading IT agency for the State is making these uneducated claims, should the people worry about their other decisions?"


  1. Attention all personnel by Anonymous Coward · · Score: 2, Funny

    The Education Property has been increased to 128 characters due to popular demand.

    That is all.

    1. Re:Attention all personnel by PIBM · · Score: 5, Funny

      I tried to leave a comment :

      Server Error in '/SKILLS' Application.
      Object reference not set to an instance of an object.
      Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

      Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

      Source Error:

      An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

      Stack Trace:

      [NullReferenceException: Object reference not set to an instance of an object.]
            Skills.Suggestion.doTheSend() in C:\Documents and Settings\qeuc34\My Documents\Visual Studio 2005\Projects\Skills\Skills\Suggestion.aspx.vb:137
            Skills.Suggestion.sendEmailLink_Click(Object sender, EventArgs e) in C:\Documents and Settings\qeuc34\My Documents\Visual Studio 2005\Projects\Skills\Skills\Suggestion.aspx.vb:127
            System.Web.UI.WebControls.LinkButton.OnClick(EventArgs e) +90
            System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument) +76
            System.Web.UI.WebControls.LinkButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +7
            System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +11
            System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +177
            System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1746

      Version Information: Microsoft .NET Framework Version:2.0.50727.1433; ASP.NET Version:2.0.50727.1433

      LOL ?!?

    2. Re:Attention all personnel by Jogar+the+Barbarian · · Score: 5, Funny

      EDUCATION:
      I got a B.S. in computer science at Crazy Go Nuts University, and learned about security, including browsers. And let me tell y

      --
      3. Profit!
      2. ???
      1. On Soviet Slashdot, a Beowulf cluster of alien Natalie Portman overlords welcomes YOU!
    3. Re:Attention all personnel by amclay · · Score: 3, Interesting

      I just tried in all sections. I ended up leaving a message with the Gov. Perhaps the webmaster didn't know anything about web programming?

      --
      It's all fun and games till someone divides by 0. Then it's hilarious.
    4. Re:Attention all personnel by Anonymous Coward · · Score: 3, Insightful

      He at least knew enough to be dangerous and change the default of hiding stack trace information when an unhandled exception occurs.

    5. Re:Attention all personnel by Shatrat · · Score: 5, Funny

      Skills.Suggestion.doTheSend()

      Priceless. 'send()' would have been a boring name for that function.

      First Hosea wins Top Chef instead of an actual chef, and now this.
      I hate Colorado now.

      --
      09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
    6. Re:Attention all personnel by cromar · · Score: 2, Insightful

      Whadya wanna bet it's in VB, too. Backwards institutions seem to love VB.NET!

    7. Re:Attention all personnel by PotatoFarmer · · Score: 5, Funny

      Priceless. 'send()' would have been a boring name for that function.

      Look on the bright side, at least it's spelled right. I'd rather have doTheSend() than excetute(), which some kind soul helpfully made an abstract in one of our base classes, and that has since been propagated across a few hundred other classes that I'm not allowed to refactor. A little piece of me dies every time I see it.

      At least I sort of know who did it, thanks to cvs history. And if I ever figure out who the hell ers4634 is, they'll truly know what it means to be excetuted. Bastard.

    8. Re:Attention all personnel by rachit · · Score: 5, Insightful

      Interesting... stack trace displays are turned off by default from remote sites when using ASP.NET for security reasons. They had to explicitly turn them on to display this.

      I doubt they are the best people to tell others about security...

    9. Re:Attention all personnel by bishiraver · · Score: 3, Funny

      Well, seeing as its stack trace says *vb instead of *cs, I'm guessing it's VB.

    10. Re:Attention all personnel by jgarra23 · · Score: 2, Insightful

      Yea, their site is FAIL on so many levels. The least of which is their lack of a custom error page...

    11. Re:Attention all personnel by Zumbs · · Score: 5, Funny

      Skills.Suggestion.doTheSend()

      Priceless. 'send()' would have been a boring name for that function.

      This is because it's already in use. Just like 'doSend()'. And what do you do when you just happen to need a third 'send()' function?

      --
      The truth may be out there, but lies are inside your head
    12. Re:Attention all personnel by jasen666 · · Score: 5, Funny

      .SendThatBitch() /*if only my bosses ever bothered to read my code comments! They wouldn't be able to keep a straight face while firing me*/

    13. Re:Attention all personnel by GooberToo · · Score: 4, Informative

      The Colorado Departent of Labor and Employment regrets that this service is unavailable at this time.
      (We like Firefox too...and safari.....and chrome...)

      It's pretty funny what a good slashdotting will do.

    14. Re:Attention all personnel by yachius · · Score: 2, Informative

      VB.NET and C#.NET produce identical code once compiled. That may not be a good thing in and of itself but I use VB.NET for small modules myself when getting it done fast is more important than clean, compact code (one time use scripts, reports, etc). Whoever did this is clearly an amateur, but not because they use VB.

    15. Re:Attention all personnel by Anonymous Coward · · Score: 2, Funny

      VB.NET is equally as powerful as C#. You're comment shows your ignorance

    16. Re:Attention all personnel by Bryansix · · Score: 2, Funny

      VB.NET is actually a great programming language. Really for Web Development it's only second to C#.NET.

    17. Re:Attention all personnel by jwhitener · · Score: 5, Funny

      doTheSend()... that is amusing. I think it is even funnier that they left the code in:

      C:\Documents and Settings\qeuc34\My Documents\Visual Studio 2005\Projects\Skills\

      So..I guess they could only afford one copy of Visual Studio, and it is....on the server..../boggle

      And production code running from "My Documents" haha.

       

    18. Re:Attention all personnel by jonaskoelker · · Score: 5, Funny

      they'll truly know what it means to be excetuted. Bastart.

      Broke That For You.

    19. Re:Attention all personnel by theshowmecanuck · · Score: 2, Insightful

      No no no YOUR comment shows YOUR ignorance.

      --
      -- I ignore anonymous replies to my comments and postings.
    20. Re:Attention all personnel by mysidia · · Score: 5, Funny

      This is why they told you not to use Mozilla. It poses a security risk for the site... look, you went and disobeyed the directions and broke it!

      All because you were using Mozilla instead of IE!

    21. Re:Attention all personnel by Machtyn · · Score: 4, Funny

      No no no MY comment shows MY ignorance.

      Wait... what?

    22. Re:Attention all personnel by ers4634 · · Score: 5, Funny

      And if I ever figure out who the hell ers4634 is, they'll truly know what it means to be excetuted.

      Good luck with that. I mean, he could be anyone. ;)

    23. Re:Attention all personnel by symbolset · · Score: 5, Funny

      Server Error in '/SKILLS' Application.

      That may be the most astute error message I've ever read.

      --
      Help stamp out iliturcy.
    24. Re:Attention all personnel by Firehed · · Score: 4, Funny

      Nah, go all the way. inUrMethodSendinUrMessage() or bust.

      --
      How are sites slashdotted when nobody reads TFAs?
    25. Re:Attention all personnel by tritohc · · Score: 2, Informative

      Slashdot is hosted in Cook County.

  2. If I were from colorado.. by Hatta · · Score: 2, Informative

    I'd be writing a nasty email right now.

    --
    Give me Classic Slashdot or give me death!
    1. Re:If I were from colorado.. by djh101010 · · Score: 5, Insightful

      A more sensible approach might involve writing a well spoken, coherent, concise email. No reason to come across as a raving nutter - if someone is considering the "angry rant" approach, I'd suggest that perhaps what they are doing, is the opposite of help.

    2. Re:If I were from colorado.. by Anonymous Coward · · Score: 5, Funny

      Obviously the correct approach is to send them a link to a special web page that will infect their computer if using IE. Once you've taken over their computer, you can use it to change their policies to supporting Firefox.

    3. Re:If I were from colorado.. by Thelasko · · Score: 4, Informative

      Contact information is here. Don't try to contact them using the link in the summary, it doesn't work.

      --
      One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
    4. Re:If I were from colorado.. by Anonymous Coward · · Score: 5, Informative

      Secunia states that Firefox3 has less critical issues:
      http://secunia.com/advisories/product/19089/

      While IE6 and IE7 have moderate problems. Making IE less secure:
      http://secunia.com/advisories/product/11/
      http://secunia.com/advisories/product/12366/

      Firefox3 also has only 1 issue unpatched, while IE6 has 22 open issues.

    5. Re:If I were from colorado.. by ColdWetDog · · Score: 3, Funny

      The feedback button doesn't work, anyways.

      That's just in IE6. Better security that way.

      --
      Faster! Faster! Faster would be better!
    6. Re:If I were from colorado.. by Anonymous Coward · · Score: 5, Insightful

      Based on the speed at which things can get fixed by what are normally lumbering juggernauts when they are seen and reacted to by a million people on the Internet, I'd suggest that ten thousand angry rants are often much more effective than hundreds of extremely well spoken, coherent, concise emails.

      In this case, a massive spew of vitriolic bile targeting squarely at the fools behind that miserably borked IIS site seems warranted, and is likely to be more effective than some pansy-assed coherent "Dear Sirs, I am writing to engage in a discussion concerning what appear to be some personal biases toward the fine products that Microsoft Corporation produces and their manifestation in a minor slight against Firefox, another fine product, on your web blah blah blah..."

      Fuck that. Hoist the pitchforks! Ignite the torches! Geek wrath power ON!

    7. Re:If I were from colorado.. by a_nonamiss · · Score: 4, Insightful

      Why are you linking that stuff here? You think anyone from an IT department that lauds the security of IE6 actually reads Slashdot? ;)

      --
      -Arthur
      Cave ne ante ullas catapultas ambules
    8. Re:If I were from colorado.. by dotancohen · · Score: 4, Interesting

      And what should that email say, exactly? More specifically, to what URLs could I point the devs to an _unbiased_source_ that IE is insecure and Firefox is secure?

      I have this problem with Hebrew websites constantly, in fact, about two hours ago I wrote to a local news website about their IE-only policy. Being able to point them to an unbiased, reliable source to back up the "Firefox is safer" claim would help.

      --
      It is dangerous to be right when the government is wrong.
    9. Re:If I were from colorado.. by dotancohen · · Score: 2, Funny

      Try mailing them colorado . nimp . org
      (link broken for reasons you either already know, or don't want to)

      --
      It is dangerous to be right when the government is wrong.
    10. Re:If I were from colorado.. by slim · · Score: 2, Interesting

      Secunia states that Firefox3 has less critical issues

      Sometimes I correct people on 'less' vs 'fewer', and I get the response that it's obvious what was meant.

      This is one of those occasions when using the wrong word really does change the meaning. And by golly, I checked the page, and you really did not mean 'fewer' as I had expected.

      What Secunia says about Firefox is that the most severe unpatched Firefox bug they know of, they rate as 'less critical'. Whatever that means.

  3. The site looks like... by Anonymous Coward · · Score: 2, Interesting

    something I made back in middle school with Frontpage. Credible sources spouting uneducated banter about things they SHOULD know about and having a website look like THAT? They should be ashamed

    1. Re:The site looks like... by Camann · · Score: 5, Informative

      Relevant text in case of site slashdotted:
      <head>
      <meta http-equiv="Content-Language" content="en-us">
      <meta name="GENERATOR" content="Microsoft FrontPage 6.0" >
      <meta name="ProgId" content="FrontPage.Editor.Document" >
      <meta http-equiv="Content-Type" content="text/html; charset=windows-1252" >
      <title>Welcome to The Colorado Department of Labor and Employment</title>
      <link rel=stylesheet href="/commoncomponents/contentstyles.css" type="text/css">
      </head>

      --
      I can't believe you don't know what a Hasemalphaginnojinglanaporphomism is.
    2. Re:The site looks like... by Adriax · · Score: 4, Insightful

      Very poor odds. Working for a similar state government agency I can tell you the process probably involved at least 10 weekly or monthly meetings to outline the basic content, a 2 month review process on the outline documentation for the page layout, a 6 month bidding process from prospective contractors to create the webpage, another couple months for a cost/benefit analysis, with the final decision that a frontpage license and either a new permanent position or an expansion of duties amendment (with associated raise) to one of their high up IT people would be the answer. Total time to create that webpage, probably a year and a half to two years.

      --
      I don't suffer from insanity, I enjoy every minute of it!
    3. Re:The site looks like... by a_nonamiss · · Score: 4, Interesting

      I'm laughing my ass off. I've worked with enough government (specifically state) agencies to know that this is not hyperbole. This is probably what actually happened.

      --
      -Arthur
      Cave ne ante ullas catapultas ambules
    4. Re:The site looks like... by quacking+duck · · Score: 3, Insightful

      Lest people think only government wastes monumental time and effort towards something relatively trivial, Microsoft spent a full year working on a feature one of its developers claims could've been done in a week.

      It's a paradox of project management--too many stakeholders or dependencies, and you're going to bog down in red tape. Too few means that no one cares what your project is and won't waste their time helping you, and it'll never see the light of day. Finding a balance is difficult at best in any large organization.

  4. That's just bad by AKAImBatman · · Score: 5, Interesting

    Well, I'm impressed. I tried to send them a message telling them that they're morons. (Though in a more polite manner.) They got right back to me with this message:

    Server Error in '/SKILLS' Application.

    Object reference not set to an instance of an object.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

    Source Error:

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

    Stack Trace:

    [NullReferenceException: Object reference not set to an instance of an object.]
          Skills.Suggestion.doTheSend() in C:\Documents and Settings\qeuc34\My Documents\Visual Studio 2005\Projects\Skills\Skills\Suggestion.aspx.vb:137
          Skills.Suggestion.sendEmailLink_Click(Object sender, EventArgs e) in C:\Documents and Settings\qeuc34\My Documents\Visual Studio 2005\Projects\Skills\Skills\Suggestion.aspx.vb:127
          System.Web.UI.WebControls.LinkButton.OnClick(EventArgs e) +90
          System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument) +76
          System.Web.UI.WebControls.LinkButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +7
          System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +11
          System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +177
          System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1746

    Version Information: Microsoft .NET Framework Version:2.0.50727.1433; ASP.NET Version:2.0.50727.1433

    I love how the site is:

    A) Being run off of someone's desktop. Out of their My Documents folder, no less.
    B) Gives up the username of the machine without so much as a "how do you do"
    C) Shows the world that our amazing admin can't even hack it at C#

    I should check the IIS version. I have a sneaky suspicion that it's not up to date. Or maybe take a cue from Bobby Tables and throw some SQL injection attacks at the site. :-/

    1. Re:That's just bad by interkin3tic · · Score: 4, Funny

      Maybe they're not morons, maybe it's just that the entire state is on the cutting edge of the latest trolling fads? Like, it's so good at trolling that I can't think of how the joke is on everyone, so...

      My head hurts, colorado wins again...

    2. Re:That's just bad by CannonballHead · · Score: 3, Funny

      I wonder if the website was hacked already and it's a fake ;) :)

    3. Re:That's just bad by castorvx · · Score: 5, Funny

      On the plus side, his workstation is about to get an HTTP benchmark.

    4. Re:That's just bad by xrayspx · · Score: 4, Funny

      Were you using IE to send your comment?

    5. Re:That's just bad by Gwala · · Score: 5, Informative

      It's not being run off someone's desktop - the developer in question forgot to turn debug symbols off. Debug symbols in .NET include source code filenames and line numbers on Windows.

      --
      #!/bin/csh cat $0
    6. Re:That's just bad by Anonymous Coward · · Score: 3, Funny

      This is from the site headers:

      HTTP/1.1 200 OK
      Date: Thu, 05 Mar 2009 22:06:53 GMT
      Server: Microsoft-IIS/6.0
      MicrosoftOfficeWebServer: 5.0_Pub
      X-Powered-By: ASP.NET
      X-AspNet-Version: 2.0.50727
      Cache-Control: private
      Content-Type: text/html; charset=utf-8
      Content-Length: 7454

      I love how they have the office web server extensions enabled. Ouch.

    7. Re:That's just bad by Excaliburszone · · Score: 2, Funny

      The error message says it all: "Server Error in '/SKILLS' Application." It seems, from the way the site is designed to how functional it is that the error in the '/SKILLS' Application is that they do not have any.

      --
      Enjoy! -Excalibur
    8. Re:That's just bad by jamie · · Score: 4, Insightful

      I should check the IIS version. I have a sneaky suspicion that it's not up to date. Or maybe take a cue from Bobby Tables and throw some SQL injection attacks at the site.

      No, you really should not do that.

      Sheesh...

    9. Re:That's just bad by Malc · · Score: 2, Informative

      But they do have a production server that's printing detailed error messages on the HTTP response. That's a misconfiguration, and an active choice at some point. Presumably debugging system - maybe they don't have test or staging servers.
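
The leaks discussed in this subthread (the detailed ASP.NET error page, the source paths exposed by deployed debug symbols, and the version headers quoted a few comments up) can be checked for mechanically on your own site's responses. The following is an added example, not part of any commenter's post: the function names are hypothetical, and both sample responses are constructed, the first from the headers and stack trace quoted in the thread.

```python
import re

# Headers that disclose the software stack. These three are flagged whenever
# present; "Server" is flagged only when it carries a version number.
ALWAYS_FLAG = {"x-powered-by", "x-aspnet-version", "microsoftofficewebserver"}
HAS_VERSION = re.compile(r"\d+(?:\.\d+)+")

# Markers of ASP.NET's detailed (developer-facing) error page.
ERROR_MARKERS = {
    "error banner": re.compile(r"Server Error in '[^']*' Application"),
    "stack trace": re.compile(r"^\s*Stack Trace:", re.M),
    "exception type": re.compile(r"\[(?:\w+\.)*\w*Exception: "),
}

# Stack frame with source file and line, present when debug symbols are
# deployed: "... in C:\path\File.aspx.vb:137"
SOURCE_FRAME = re.compile(r" in ([A-Za-z]:\\[^\r\n:]+):(\d+)")

# Windows profile directory inside a leaked path, which reveals an account name.
PROFILE_USER = re.compile(r"\\(?:Documents and Settings|Users)\\([^\\]+)\\", re.I)


def split_response(raw):
    """Split a raw HTTP response into (status line, header dict, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def audit_response(raw):
    """Return a list of (kind, detail) information-disclosure findings."""
    _status, headers, body = split_response(raw)
    findings = []
    for name, value in sorted(headers.items()):
        if name in ALWAYS_FLAG or (name == "server" and HAS_VERSION.search(value)):
            findings.append(("version-header", f"{name}: {value}"))
    for label, pattern in ERROR_MARKERS.items():
        if pattern.search(body):
            findings.append(("detailed-error-page", label))
    users = set()
    for path, line_no in SOURCE_FRAME.findall(body):
        findings.append(("source-path", f"{path}:{line_no}"))
        users.update(PROFILE_USER.findall(path))
    for user in sorted(users):
        findings.append(("account-name", user))
    return findings


# Constructed sample: headers and error text as quoted in the thread,
# combined into one response for the purpose of this example.
LEAKY_RESPONSE = r"""HTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Content-Type: text/html; charset=utf-8

Server Error in '/SKILLS' Application.
Object reference not set to an instance of an object.
Stack Trace:
[NullReferenceException: Object reference not set to an instance of an object.]
   Skills.Suggestion.doTheSend() in C:\Documents and Settings\qeuc34\My Documents\Visual Studio 2005\Projects\Skills\Skills\Suggestion.aspx.vb:137
   System.Web.UI.WebControls.LinkButton.OnClick(EventArgs e) +90
"""

# Constructed sample of the same failure behind a generic error page,
# with version headers removed.
HARDENED_RESPONSE = """HTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS
Content-Type: text/html; charset=utf-8

<html><body>Sorry, something went wrong. Reference: 7f3a</body></html>
"""

if __name__ == "__main__":
    for name, raw in (("leaky", LEAKY_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(name)
        for kind, detail in audit_response(raw):
            print(f"  {kind:20} {detail}")
```

In ASP.NET the detailed page is governed by the `customErrors` element in web.config: `RemoteOnly` is the default, and `Off` sends the detail to every client.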

    10. Re:That's just bad by davester666 · · Score: 4, Funny

      In other, completely unrelated news, Microsoft announced today that they are opening a new software development center in Colorado.

      --
      Sleep your way to a whiter smile...date a dentist!
    11. Re:That's just bad by Bill,+Shooter+of+Bul · · Score: 3, Funny

      Oh yeah, I'd love to see them try and apprehend Batman. I mean come on, the cops never catch him.

      --
      Well.. maybe. Or Maybe not. But Definitely not sort of.
    12. Re:That's just bad by a_nonamiss · · Score: 3, Funny

      "Please come with us Mr. West."
      "But I don't even have a computer."

      --
      -Arthur
      Cave ne ante ullas catapultas ambules
    13. Re:That's just bad by pembo13 · · Score: 2

      That doesn't mean for sure it isn't on his desktop.

      --
      "Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
    14. Re:That's just bad by Simetrical · · Score: 3, Informative

      It's not being run off someone's desktop - the developer in question forgot to turn debug symbols off. Debug symbols in .NET include source code filenames and line numbers on Windows.

      I assume that the grandparent thought it was someone's desktop because of the "C:\Documents and Settings\qeuc34\My Documents\Visual Studio 2005\Projects\" path. It looks like a developer is keeping the project in their own documents and running it straight from the source code there.

      --
      MediaWiki developer, Total War Center sysadmin
    15. Re:That's just bad by Slashcrap · · Score: 2, Funny

      No, you really should not do that.

      Sheesh...

      No, we only condone DoS attacks here at Slashdot.

  5. What do you expect... by dark404 · · Score: 5, Funny

    What do you expect from a state who uses 128 characters to describe a prospective hire's education?
    The Education Property has been increased to 128 characters due to popular demand. Thanks for your patience.

    1. Re:What do you expect... by Gat0r30y · · Score: 4, Funny

      Teachers here in CO often have bumper stickers proclaiming: Welcome to Colorado, 49th in funding for schools. Perhaps there is a correlation, then again, I was educated exclusively in this state so maybe I'm just an idiot.

      --
      Prediction: The real iPhone killer is going to be sex robots from Japan. Think about it.
    2. Re:What do you expect... by Bob+Uhl · · Score: 2, Informative

      Teachers here in CO often have bumper stickers proclaiming: Welcome to Colorado, 49th in funding for schools.

      I've lived here for over a decade and have never seen one of those. Moreover, the numbers show that's clearly not the case.

    3. Re:What do you expect... by Brandybuck · · Score: 3, Informative

      Funding has very little correlation with the quality of education. California is bankrupting itself funding education, yet is quite lackluster in its educational quality.

      --
      Don't blame me, I didn't vote for either of them!
  6. Who's on first? by esocid · · Score: 4, Funny

    Must use IE. Windows is unsafe. FF is not.

    Head asplodes.

    --
    Absolute power corrupts absolutely. indymedia
    1. Re:Who's on first? by Tubal-Cain · · Score: 3, Insightful

      Use Safari, Chrome, or Opera!

    2. Re:Who's on first? by Zumbs · · Score: 2, Insightful

      No, no, no! Use Lynx!

      --
      The truth may be out there, but lies are inside your head
  7. The Decider by janeuner · · Score: 2, Funny

    He decided.

  8. Another reason by citricshooter · · Score: 3, Insightful

    From their FAQ: "Can I use Firefox or another Browser? No! For security reasons, and some significant processing issues as well, the only supported Browser is Internet Explorer Release 6 or later." I suspect the processing issues are the real reasons and they are trying to scare people into not using Firefox so they don't get the phone calls about their site not working.

  9. Here's How to contact them by Anonymous Coward · · Score: 5, Informative

    Email:

    oit@state.co.us

    Phone:

    303-866-6060

    Fax:

    303-866-6454

    US Mail:

    Governor's Office of Information Technology

    1580 Logan St., Suite 200

    Denver, CO 80203

  10. Re:Nice quote by inthedump · · Score: 2, Funny

    Maybe their size is "Micro" and it's always "Soft".

    --
    nobody remains virgin, life fscks everyone...
  11. PEBKAC by Devil's+BSD · · Score: 3, Informative

    Well, they're mostly wrong, but partially right. All things considered, the biggest security risk isn't the web browser used, it's the incompetent organic mass between the keyboard and the chair.

    It still amazes me how many people really think they're the 1,000,000th visitor to a site, and that they've actually won something because of it.

    --
    I'm the Devil the Windows users warned you about.
    1. Re:PEBKAC by residieu · · Score: 5, Funny

      Yeah, you're not really a winner until you successfully punch the monkey.

  12. Re:But does the site still WORK with Firefox? by Aelyew · · Score: 5, Informative

    Actually the site doesn't work whether you're using Internet Explorer or Firefox. It looks worse with Firefox because they are using some of the non-standard display tags that cause components to overlap if using a standards compliant browser. Regardless of the browser used, the result is the same: failure.

  13. "It has been decided" by Banichi · · Score: 2, Interesting

    I love seeing statements like this from nominal authority figures.

    'Look on my works, ye Mighty, and despair!'

    1. Re:"It has been decided" by Qzukk · · Score: 2, Funny

      I'm despairing, all right.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    2. Re:"It has been decided" by ColdWetDog · · Score: 2, Funny

      So Colorado's OIT hired Ozymandias?

      Quite possibly. The state's IT infrastructure seems to come from that general time frame.

      --
      Faster! Faster! Faster would be better!
  14. Contact info for OIT by XenonOfArcticus · · Score: 4, Informative
    --
    -- There is no truth. There is only Perception. To Perceive is to Exist.
  15. From the site by symes · · Score: 4, Funny
    From the site:

    "Questions and Answers"

    "Can I use Firefox or another Browser?"

    "No! For security reasons, and some significant processing issues as well, the only supported Browser is Internet Explorer Release 6 or later."

    "What if I have a Skill that isn't listed?"

    "The "Suggestion" tool enables you to communicate directly with the Administrators. We will research your proposed Skill with your input and agreement."

    I'd like to learn how to make web pages. Think I might see if I can tap these guys' expertise. Anyone else fancy coming along?

  16. Mozilla by zogger · · Score: 5, Interesting

    Mozilla is an actual bona fide business allied with google among others, and as such I hope they sue the living snot out of that agency for making such a public claim. This sort of thing is no freakin joke. If they do, I would be interested to see what comes out in discovery with the actual human bureaucrats involved in setting this policy and posting that.

  17. That's the opposite of what the DHS said by Anonymous Coward · · Score: 4, Interesting

    So now Colorado thinks they're smarter than the feds?

    Not long ago the DHS said to avoid IE and use firefox for security reasons.
    http://www.google.com/search?q=dhs+avoid+ie

  18. Re:Their FAQ page... by memorycardfull · · Score: 4, Funny

    http://www.sciencemadesimple.com/sky_blue.html The answer to "Why is the sky blue?" is reproduced from copyrighted material at sciencemadesimple.com

  19. Re:firefox and mac by PIBM · · Score: 3, Insightful

    The correct comparison would be this.

    Gun #1: Kills each and every gunman when they don't expect it. You are not even pressing the trigger. But you sure as hell do know they kill the gunman.

    Gun #2: You know that a gunman can be killed once in a while, but when it happens somebody will deliver you with upgraded guns preventing it from happening again in a small amount of time.

    TY, I'll keep FF

  20. Re:firefox and mac by h4rr4r · · Score: 4, Insightful

    Ok, so explain why apache is less exploited than IIS. It is used far more.

    Your little idea is cute and has been proposed by many before, and just like then it is wrong.

    Also you should investigate your keyboard it seems to be broken.

  21. Re:firefox and mac by Qzukk · · Score: 4, Interesting

    The site does not say "firefox may not be secure" they're saying "firefox poses a security risk". One of them is a statement of fact that they do nothing to back up, the other one is an opinion which may or may not be valid, but is theirs to hold.

    I wonder if what they meant was "our site looks like crap in firefox so please don't use it". Or maybe by "poses a security risk" they mean "the secret fields we spent hours figuring out how to hide behind other stuff refuses to stay hidden in firefox, so using it is a risk to OUR security".

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.
  22. Re:Yes and no by h4rr4r · · Score: 2, Insightful

    Build your own firefox installer with whatever changes you need and then make an msi and distribute that.

    This is so easy even a windows admin can do it.

  23. Why? by Greyfox · · Score: 4, Funny

    I can just drive down there and slap them in person...

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  24. Message from the State Chief Information Officer by terminalhype · · Score: 3, Informative

    Message from the State Chief Information Officer
    Michael Locatis, State CIO
    "As the Chief Information Officer for the State of Colorado, my role is to provide the momentum and strategy for wide-ranging activities from promoting high end research and development of cutting edge technologies to creating strategies for service delivery supporting the day to day operations for the State of Colorado - thereby making a difference in the lives of the people of Colorado and delivering Governor Ritter's 'Colorado Promise'."

    http://www.govtech.com/pcio/articles/386146
    Colorado Gov. Bill Ritter and CIO Mike Locatis Launch IT Consolidation
    Aug 21, 2008
    Before his Cabinet appointment in Colorado, he was CIO of Denver, where he showed his centralization skills (and caught Ritter's attention) by consolidating 20 separate municipal and county departments into a single, citywide IT agency. It's also where Locatis learned how fragmented the state's IT systems were.

    "It was while I was working in local government that the issues surrounding state IT were immediately apparent because they impacted how services were delivered at the local level," he said.

    Before becoming a public-sector CIO, Locatis was the senior director of enterprise technology strategy for Time Warner Cable Inc., part of Time Warner Inc., a Fortune 50 company and the country's largest entertainment firm. Locatis honed his skills at aligning customer-service delivery systems, standardizing desktop capabilities and managing tech and support teams for huge enterprise resource planning applications.

    Despite Locatis' knowledge of the state's IT systems' problems, he wasn't expecting the mammoth job he faced. "It was significantly siloed and fragmented IT delivery, which was a root cause of a lot of the issues - including inefficiencies, a lack of leveraging an enterprise approach and just about every [IT] department in the state doing its own thing," he said.

  25. the sad truth of the matter by Joe+Snipe · · Score: 3, Interesting

    The state of Colorado made attempts to be "ahead" of the curve when it came to an online presence (see also denvergov.com and the atrocity that is netfile; we were one of the first states to have online tax filing). Unfortunately they hired people who knew ass all about javascript (or proper DB handling) and no one knew enough to stop it in its infancy. Now it has snowballed into something too costly to replace and too borked to simply repair.
    I imagine someone told some user that ff was a security risk, rather than go into the technical details of why the site falls to crap on a browser it was never tested for. Eventually, through what I like to call "the wiki effect" that same information got passed back as fact to the current web coders who promptly put up a notice to inform their end users.

    Even still, fail.

    --
    Sometimes, life itself is sarcasm...
  26. HTML compliance by Tubal-Cain · · Score: 2, Interesting

    That site looks horrible. Ironically, according to the W3C's "Markup Validation Service" it has 21 errors with its HTML. Less than Google's homepage.

  27. Where does it say Firefox is insecure? by whoever57 · · Score: 3, Informative

    I just looked at the site and I see nothing indicating that FF is insecure. In the FAQ, it does say that IE6 and later are the only supported browsers ("for proper operation"), but "unsupported" is not the same as "insecure".

    --
    The real "Libtards" are the Libertarians!
    1. Re:Where does it say Firefox is insecure? by DanWS6 · · Score: 4, Informative
      They edited the faq and removed that text.

      It used to say:

      Can I use Firefox or another Browser?

      No! For security reasons, and some significant processing issues as well, the only supported Browser is Internet Explorer Release 6 or later.

    2. Re:Where does it say Firefox is insecure? by AKAImBatman · · Score: 5, Informative

      It looks like they removed the message about Firefox being insecure. Google doesn't have a cache of the page, but you can see it in the summary:

      http://www.google.com/search?hl=en&q=http://www.coworkforce.com/Skills/myskills.aspx+Firefox+security&btnG=Search

      You can clearly see the text: "DO NOT use FIREFOX or other Browsers besides IE. It has been decided that Mozilla based, non-IE browsers pose a security risk."

    3. Re:Where does it say Firefox is insecure? by totally+bogus+dude · · Score: 3, Informative

      Well IE still requests the file (it has to, otherwise it doesn't know what the filename or content-type is). Any naive script that flags the download as having commenced when it first starts serving the data will treat an IE click-and-cancel the same as a Firefox click-and-cancel. Even scripts that wait until it's finished sending the data are likely to be allowed to complete by the web server, since aborting scripts in the middle of execution can be problematic. Most servers take the "safe" approach by default: let the script finish running and just throw its output away if the client disappears.

      It looks like IE doesn't acknowledge receiving the data at the TCP/IP layer, and instead plays funny games with the TCP window size (setting it to 0) in order to stall the connection until the user decides what to do. It also seems to send 30+ duplicate ACKs for some reason. However all this is transparent to the web application; at best it'd just seem like a lossy TCP connection.

      Interesting to see that IE7 still has the "unbelievable transfer speed" bug in that if you click on a link for a file download and take a while to decide where to put it, the initial transfer speed it shows is ridiculously high because it's already downloaded a few hundred kilobytes of the file before it starts the download speed timer.

  28. Re:But does the site still WORK with Firefox? by Chabo · · Score: 2, Insightful

    To be fair, writing .NET code in VB is exactly the same as writing it in C# -- compile them both and you get CIL code. Although I agree that these guys are likely incompetent, it's not fair to say "anyone who writes in VB is incompetent at programming".

    --
    Convert FLACs to a portable format with FlacSquisher
  29. Re:firefox and mac by Tubal-Cain · · Score: 3, Interesting

    One of them is a statement of fact that they do nothing to back up, the other one is an opinion...

    ...stated as fact.

  30. Add ins by Philip+K+Dickhead · · Score: 4, Informative

    These can be insecure. In fact, some were designed as trojans. See the Vladuz saga, who cracked eBay site admin accounts - in part through a Firefox plugin designed to this purpose, and hosted on the firefox plugin site!

    When any goof startup can create social-network connectors or picture-browsing extensions, Firefox abdicates a good part of its inherent security advantages. Use these at your own risk. We won't touch FF privacy concerns with the Google relationship, and how hard it is to keep FF from reporting to GOOG as a default. IE is as bad with their parent.

    I do think the warning about FF IS misplaced. Our biggest current risk is simply the Adobe PDF file-format. You don't even need to OPEN the file to execute code! Whee!

    --
    "Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
    1. Re:Add ins by zanybrainy941 · · Score: 4, Interesting

      When any goof startup can create social-network connectors or picture-browsing extensions, Firefox abdicates a good part of its inherent security advantages. Use these at your own risk.

      Any goof can create them, but *not* any goof can *publish* them on the Mozilla site. Mozilla has over the last couple years instituted a number of strict review guidelines and tests that an add-on must pass before it's published by Mozilla. Every add-on and add-on update is code-inspected line-by-line by a human editor. Mozilla has staffed up specifically in support of the add-ons site, and the number of code reviewers has grown dramatically in recent months. Reviewers keep a sharp eye out for remote code execution, violations of user expectations of privacy, and anything that detracts from user experience. Additionally, automated red-flag detection tools are now in the works.

      Bottom line: do not install plugins and extensions in Firefox from sites other than addons.mozilla.org. With AMO, every single extension and extension update is inspected and reviewed before being published on the site. It's the only way to be sure.

    2. Re:Add ins by andy.ruddock · · Score: 2, Informative

      With the appropriate permissions set on the server there's no reason why ftp can't be used as a valid method of sending information and uploading files.
      A username/password pair on the screen helps a little to prevent automated abuse of the system, although it's still essentially anonymous ftp upload.

      --
      God: An invisible friend for grown-ups.
  31. That's simple? Here's _simple_! by Xtifr · · Score: 4, Funny

    Oh yay, another great example of providing a technically correct, but thoroughly misleading answer. "To answer these questions, we must learn about light, and the Earth's atmosphere." No, you mustn't. Ok, you need to learn one thing: "the sky is blue because air is blue" (from Recurring Science Misconceptions in K-6 Textbooks). All that crap about Rayleigh scattering and frequencies of light is...well, it's true but it's generally beside the point.

    Q. Why is my shirt red?
    A1. (bad) To answer these questions, we must learn about light, and how photons are absorbed or reflected by different materials, and how the cones of the eye convert photons into neural impulses....
    A2. (good) because it was dyed red.

    Granted, all that other stuff can be interesting too, but to claim that you're providing the simple explanation is just ridiculous.

    (At least it's not as bad as the standard explanation of an airfoil, which is simply wrong.)

  32. Very smart indeed by Krneki · · Score: 2, Funny

    1. Make a web site.
    2. Claim Firefox is insecure while IE is.
    3. Get yourself noticed on Slashdot.
    4 ...
    5. Profit?

    --
    Love many, trust a few, do harm to none.
  33. You mean MS? by zogger · · Score: 2, Interesting

    Let them try! I don't think it would be hard at all to find at least *one million people* who have had their machines compromised over really insecure IE code, and maybe even lost money and had to go through and repair their credit when their logins or CC details were compromised.

    Besides, that isn't the issue here, this is a set of state flunkies who are labeling a corporation's products as insecure, so bad that they don't allow access for official purposes from tax paying citizens of that state, and saying this other corporation's products are secure, or secure enough to use, and their choice of what is or isn't "secure enough" is freaking LAUGHABLE. I mean, WTF?? It is bogus on so many levels it ain't funny.

  34. Re:firefox and mac by prandal · · Score: 2, Informative

    about:config

    network.automatic-ntlm-auth.trusted-uris

    Yup, firefox supports NTLM authentication, and has for a long time, and it works for me.

  35. Let me fix that by ohxten · · Score: 2, Interesting

    DO NOT use FIREFOX or other Browsers besides IE. It has been decided that Mozilla based, non-IE browsers do not properly work with our website, and we don't feel like modifying our code to support other browsers.

    Fixed!

    --
    Need an automatic screenshot taker? Try here.
  36. It gets worse by ahziem · · Score: 2, Insightful
    The home page has double HTML tags (and is designed in FrontPage 6.0). Years ago, I reported the double HTML tags to the web master, but he said it wasn't feasible to fix.

    Who takes advice from these people? :)

  37. I think both of you are correct... by Grog6 · · Score: 2, Interesting

    It took two years of meetings, executive staff luncheons, and similar BS; someone got a nice raise...

    Then one of the IT guys was told "have a web page up by Monday." (for nothing extra.) So he hacks it out in 10 minutes with frontpage; We are talking MS types, after all.

    THAT's how it usually goes.

    Wonder who gets reamed after the slashdotting fried their server? (It's currently choking on any browser I use)

    --
    Truth isn't Truth - Guliani
  38. Yeah right. by jotaeleemeese · · Score: 4, Insightful

    People like these bozos can insult our intelligence and we all are supposed to act politely and rationally.

    I say that a few hundred or thousand rabid replies from aggravated individuals would do wonders.

    Sometimes politeness is seriously overrated...

    --
    IANAL but write like a drunk one.
  39. Context by MrZaius · · Score: 2, Insightful

    Given that their site is down at the moment, rendering their explanation unavailable, I'd like to point out that there is a rational argument to be made for the notion that using preinstalled and patched IE installs instead of a third party browser can increase security. I disagree with it (based on a number of factors expressed elsewhere in this thread), but it's a good argument:

    You increase the number of potential security holes on a workstation by increasing the number of installed applications. Your sysadmin is responsible for both maintaining and securing IE and Firefox, and is unable to uninstall the former. This, thank God, goes away in Windows 7. In the meantime, however, you can still disable and cripple IE in a way that limits its exposure - It's just more work than most Windows-heavy, Microsoft-certified admins are willing to do as doing so often strips them of their preferred choice, and the tools that they've been heavily trained in locking down and adapting to their local networks. If understaffed and underfunded, forcing IE usage may actually be the right call for some agencies and offices.

    Still no excuse for any IE6 or earlier builds being used in the wild.