Internet Explorer 7 Security
By Daniel Miessler on October 26th, 2005: Tagged as General | Windows
Look I’m pretty enthused about the new security features being used in the upcoming version of Internet Explorer. There’s a lot to be optimistic about.
But articles like this make me sad. I fail to see how IE7’s security hinges on the strength of encryption between it and a remote website.
Have you ever gone to fix someone’s system that was trashed by IE, only to say to yourself, “Damn, if only they’d used TLS instead of SSL.”? Yeah, me neither.
SSL 2.0, TLS 1.0 — whatever. I’m all for the stronger standard, but I’m more interested in seeing more needed improvements such as the handling of ActiveX, scripting, input validation, etc.
--
I guess the argument (for changing security layers instead of upgrading the buggy or insecure features)is that the more shady sites will bork because they use SSL1.0 or 2.0… but like the article says, it’s easy to add in SSL3.0 or TLS
Comment by Tim — 10/26/2005 @ 12:35 pm