Aardvark Daily

New Zealand's longest-running online daily news and commentary publication, now in its 19th year. The opinion pieces presented here are not purported to be fact but reasonable effort is made to ensure accuracy.

Please visit the sponsor!

Time for a mil-spec browser?

29 April 2014

According to reports on the wires this morning, the US Department of Homeland Defense has advised people to stop using Microsoft's Internet Explorer until the latest zero-day vulnerability has been fixed.

OMG... how will they update their FacePalm pages?

Apparently the vulnerability is already exploited in attempts to compromise a range of key US industries and government organisations and anyone using IE will potentially be a sitting duck if they hook up to the web.

One has to wonder exactly what browser the US government and military are using for their online activities?

If (as I suspect) it is Internet Explorer, this vulnerability effectively leaves the US government caught with its pants down.

Surely they must have a mil-spec browser that they deploy in preference to the offerings from Microsoft, Google or Mozilla -- if not, one would have to ask "why not?"

In an age where cyberwarefare is becoming an increasingly important part of any war (or cold-war), using an "off the shelf" browser is somewhat akin to sending your front-line troops into combat dressed in teeshirts and sandals, whilst armed with little more than Daisy BB rifles.

Surely a mil-spec browser that has inbuilt hard encryption (no, not OpenSSL) for accessing top-secret restricted content and massive levels of sandboxing would be a number-one priority for any military or government -- but perhaps not. Maybe it's because USB drives filled with such code don't look nearly so impressive as drones laden with Hellfire missiles or supersonic combat aircraft when parading them before your enemies.

Let's face it, consumer-grade browsing software is constantly being patched to fix zero-day exploits and other vulnerabilities. Even if it's not your browser that's at fault today it's probably Adobe Flash -- which must surely be one of the worst bits of code in regular use, from a security perspective. In some ways it's a ticking time-bomb that's present in 99% of all web-surfing PCs.

Ah well.. the more somethings change, the more they stay the same, I guess. The only way to guarantee total security for your devices these days is to turn them off, lock them in a steel box and sit on that box for the rest of your natural life.

While I'm sure some may be tempted to take that course of action -- the rest of us (perhaps including the US military and government) will just have to take our chances, using the flawed software we have.

Please visit the sponsor!

(Sorry, forums are stuffed at present)

PERMALINK to this column

Rank This Aardvark Page

Change Font

Aardvark feeds

Audio

Mates' websites

Apart from the kind support of the sponsor, Aardvark Daily is largely a labour of love that involves many hours of hard work each month. If you appreciate the content you find here (or even if you don't) then please visit the sponsor and also feel free to gift me a donation using the button above.

Remember, this is purely a gift, you'll get nothing other than a warm fuzzy feeling in return.