A couple days ago I had mentioned that Lord Avebury had asked the UK Government about their usage of IE. The UK Government has now answered and I am reproducing the full text of the question and answer below:

Asked by Lord Avebury

To ask Her Majesty’s Government what discussions they have had with the governments of France and Germany about security risks of using Internet Explorer; and whether they will encourage public sector users to use another web browser. [HL1420]

The Parliamentary Under-Secretary of State, Home Office (Lord West of Spithead): UK government officials and subject matter experts are in regular contact with their counterparts in France, Germany and other countries on both a bilateral and multilateral basis to exchange technical information and opinions on many aspects of cyber security, including software vulnerabilities. For example, the UK’s Government Computer Emergency Response Team (GovCertUK) and Combined Security Incident Response Team (CSIRTUK) are members of the group of European Government CERTS (EGG), as are their French and German equivalents.

Complex software will always have vulnerabilities and motivated adversaries will always work to discover and take advantage of them. We take internet security very seriously and we have worked with Microsoft and other suppliers over many years to understand the security of the products used by HMG, including Internet Explorer. There is no evidence that moving from the latest fully patched versions of Internet Explorer to other browsers will make users more secure. Regular software patching and updating will help defend against the latest threats.

Microsoft issued a patch to fix the recent Internet Explorer vulnerability on 21 January. Prior to this, government departments had been issued with a GovCertUK alert on how to deal with this particular incident and to mitigate vulnerabilities in relation to particular versions of IE.

A government user, operating on government systems, such as the Government Secure Intranet (GSi), will benefit from additional security measures, unlikely to be available to the average home computer user. These include tools which actively monitor for evidence of any malicious attacks.

Source: Lords Hansard text for 26 Jan 2010

While the UK government contends that “there is no evidence that moving from the latest fully patched versions of Internet Explorer to other browsers will make users more secure”, there are many others who would disagree.

Also, although IE8 has significantly improved security models as compared to IE6 and IE7, there is still evidence that IE6 is being heavily used by UK government departments, including the armed forces. I think most people would agree that a “fully patched” IE6 is still relatively more vulnerable to attacks.

Lord Avebury (blog, bio) has tabled a written question in the United Kingdom House of Lords yesterday, which reads as under:

Lord Avebury to ask Her Majesty’s Government whether, in the light of the recent announcement by Microsoft that Internet Explorer was used to carry out the cyber attacks which prompted Google to say it will withdraw from China, they will review the use of Internet Explorer throughout the public sector. HL1505

Source: House of Lords Business (26 January 2010) and Eric Avebury: Internet vulernability

Lord Avebury mentions that the Parliamentary IT authorities are actively discouraging the use of alternative browsers such as Chrome so it is great to see that he is holding the government accountable for their policies.

According to UK parliamentary procedure, the government is obliged to provide a written response to his question on or before 8 February 2010. I think it will be interesting to see what they have to say.

Lord Avebury is an active campaigner for the rights of ethnic minorities in the UK and also those who are British nationals living abroad. He is also a member of the EU Select Committee which considers EU policy on protecting Europe from large-scale cyber attacks.

Today I tried to complete an online purchase using my HSBC Visa Card (issued in Hong Kong), and when the merchant redirected me to HSBC for the Verified by Visa page, instead of the password prompt I used to receive, I saw the following:

Thinking that this must be an error (since it used to work fine before), I called up HSBC’s customer service hotline to find out what was going on.

I was shocked to hear that HSBC now officially only supports IE, and no other browsers are supported for Verified by Visa. I asked them what I’m supposed to do if I have a Mac and don’t have IE, and they responded that I’m supposed to use IE or nothing at all.

I asked why Firefox is unsupported since it used to work fine before and they gave a vague response that Firefox cannot exchange data with Visa properly (which does not make sense at all). They also said that their entire online platform is “built for Internet Explorer”.

The message from HSBC Hong Kong is clear: if you’re not using IE, don’t bother making online purchases with our Visa card.

My message to HSBC is this: if you’re not going to support Firefox, don’t count on me using your Visa card to make any purchases (online or offline).

In case anyone wants to comment on this, this is where the complaints need to go:

HSBC
Attn: Credit Card Services
8 Floor, Block 2 & 3
HSBC Centre
1 Sham Mong Road
Kowloon
Hong Kong

No doubt many of my readers will be aware of the horrendous debacle at India TV which resulted in them broadcasting a report with a fake photo of Syedna Mohammed Burhanuddin (TUS) “performing” the nikah of the Taleban terrorist, Baitullah Mehsud in Afghanistan.

Of course, Syedna Mohammed Burhanuddin (TUS) never performed this nikah and during the time of the said nikah, Syedna Mohammed Burhanuddin (TUS) was in Mumbai, not Afghanistan.

The TV channel has published an apology and also aired an apology for the incident which can be seen here:

Source: Youtube

The source image and the doctored image can also be seen below:

India TV Source Image

India TV Fake Image

Without making any attempt to justify what is obviously abhorrent or non-existent editorial control, I do have a suspicion regarding how this came to pass. Rather than a deliberate attempt to slander Dawoodi Bohras, it is more likely the case that the “reporter” (and I use this word in the loosest term possible) did a Google Search on “nikah”, and found these results:

Google Search Results for "nikah"

The first usable photo became the “source” for the doctored “news report”. While this by no means justifies what happened and it should never have happened to begin with, it does mean that objectively, there was likely no intended malice towards Dawoodi Bohras.

Does it excuse the event? Absolutely not. Does it mean that it’s acceptable for news stations to doctor images to fake news events? No way. Everything that happened here should never have happened. But I think it does provide an insight into how it came about.

Also of interest to some readers may be the search engine referral statistics for Planet Bohra on 8 April, 2009. I’ve made these available as a PDF.

Yesterday I piloted a Boeing 737-800NG simulator. It was my first attempt at a flight from Hong Kong’s new airport Chek Lap Kok to the now out of service old airport Kai Tak. I control the yoke (steering) and yaw. My co-pilot controls the thrust, flaps and trim (and generally gives me some helpful directions since he’s a pilot and I’m not).

The 737 NG has some pretty sophisticated navigational equipment which is very helpful. One of the nice things was an indicator that shows your turn trajectory and projects it onto a runway extension – very useful for landings at Kai Tak.

Of note is that pilots who landed at Kai Tak back in the day had no such help, making those landings all the more impressive.

My landing is not on the runway centreline, but on the runway and close to where one should hope to land, so I’m happy with that for a first attempt at flying a 737 in a proper sim.

Link to video: Chek Lap Kok to Kai Tak in B737-800NG (Cockpit View)

I just upgraded Zainab’s iPhone 2G (purchased from an Apple Store in the US) today from OS version 2.1 to 2.2.1. Originally this iPhone was unlocked using iJailBreak on 1.1.4 and then was jailbroken/unlocked on 2.0/2.1 using PwnageTool.

The instructions I read were to upgrade to 2.2.1 using iTunes and then run QuickPwn to jailbreak/unlock the iPhone 2G. Interestingly, after I upgraded to 2.2.1 using iTunes (without any custom IPSW – downloaded the release from Apple) the phone upgrade went without a hitch and the iPhone remained unlocked after the upgrade. That was a surprise.

Of course the phone is not jailbroken but I have no interest in that and it seems that once an iPhone 2G is unlocked there are at least some circumstances where it will remain so after a normal upgrade using the official IPSW.

So right now she’s using an iPhone 2G with 2.2.1 OS without any jailbreaks or custom hacks, but with a non-AT&T SIM. That’s from my POV ideal and a pleasant surprise.

I am responsible for overseeing the IT infrastructure of an office with about 40 Windows-based computers. We always keep the OS and relevant software patched, though sometimes even keeping Windows/Office/IE patched to the most current level is not enough.

The workarounds provided by Microsoft for this issue are, frankly, not acceptable because website functionality with security set to ‘High’ is unacceptable and generates user complaints (and doesn’t even solve the problem completely).

Events like this give me cause to consider a company-wide deployment of Firefox as the default browser. We have no internal applications that rely on IE so this is not a sticking point for us as it is for many corporations. Plus, Firefox has far fewer “vulnerable days” as compared to IE (and when Firefox is vulnerable the potential risk to the system is usually lower).

However, there are a couple of blockers that stop me from taking this step. These include:

  • Lack of an automated/scriptable way to deploy Firefox that is supported by Mozilla (though bug 231062 has been filed for an MSI install package – almost 5 years later there is still no resolution).
  • Lack of any way to force Firefox product/security upgrades upon users. Without this, Firefox is arguably even more insecure than IE because at least with IE we can be reasonably sure that updates are being pushed out on schedule.
  • Lack of any centralised way to make sure plugins are up to date (I will concede that IE is not up to par on this front either).

There are probably a few other points that I can’t think of at the moment. However, our company is an SME with less than 100 computers and I find these issues troubling. Imagine a Fortune 500 company – the problem for them would be multiplied many fold.

I am unhappy about the latest problems with IE and unhappy that there is no patch yet for an exploit that is so clearly in the wild and unhappy that there isn’t even an acceptable way to mitigate the risk.

Having said all this – at the moment I don’t see that switching to an alternative browser is an acceptable solution to this problem for enterprise users for the reasons above.

If work was done to make Firefox more enterprise friendly, this would go a long way towards adoption in the workplace. As it stands, there are just too many reasons not to deploy even though the product is clearly superior from an end user standpoint.

Is Hong Kong the first market in the world to get an iPhone 3G which is both officially unlocked at the time of purchase and not tied to a carrier plan? According to the Apple HK iPhone store page, quite possibly:

iPhone 3G purchased at the Apple Online Store can be activated with any wireless carrier. Simply insert the SIM from your current phone into iPhone 3G and connect to iTunes 8 to complete activation.

They’re not cheap though. The 8GB phone costs HK$5400 (approx US$700) and the 16GB is HK$6200 (approx US$800).

I just upgraded to iPhone OS 2.1. Hope that this solves some of the problems I mentioned earlier.

iPhone OS 2.1 (5F136)

UPDATE (13/09/2008): Seems that there’s no improvement in signal quality. On my way to work today, twice the phone dropped into a “No Service” area. This was in areas that most definitely should have had coverage.

There are a lot of reports out there that Apple’s 2.0.2 OS update for the iPhone fixes reception issues with 3G. Now I don’t know whether the issues are hardware, firmware, or software related (maybe all?), but I do know that the 2.0.2 update does not do anything to fix them, at least not for me here in Hong Kong.

In a city that has mobile coverage everywhere, including on underground trains, the iPhone sometimes shows 1 bar only for network strength in downtown Hong Kong, where most other phones show full signal strength. In areas where other phones have no problems getting reception, iPhone can show “No Service”.

I hope that iPhone OS 2.1 has a solution for these problems. The iPhone is a great computer, but it is lacking as a reliable mobile phone.