Sunday, July 6, 2008

Two Simple Rules for Safer Browsing - Update

Dave LeBlanc has some interesting comments on the recent browser security study. Dave is a very serious security guy, as opposed to me (I just play one on TV), so as always, RTWT.

I'm not convinced to run IE (hey Dave, when are y'all going to have one that runs on SuSE?), but his take on the seriousness of information leaks is spot on:

A flaw that IE doesn't have is advertising to the server the exact minor version of the application. People often underestimate the value of information leaks – advertising the exact minor version is basically saying "Hello, you may attack me with these exploits, but I'm patched against those exploits."

He also points out some statistical analysis issues with the study. Good reading if you want some drill down from my blathering.

