Forgot your password?
typodupeerror
Security Government Internet Explorer Mozilla The Internet IT News

State of Colorado Calls Firefox Insecure, IE6 Safe 530

Posted by timothy
from the sheeps'-bladders-may-be-used-to-prevent-earthquakes dept.
linuxkrn writes "The State of Colorado's Office of Technology (OIT) has set up a work skills website. The problem is that the site says 'DO NOT use FIREFOX or other Browsers besides IE. It has been decided that Mozilla based, non-IE browsers pose a security risk.' (Original emphasis from site.) If the leading IT agency for the State is making these uneducated claims, should the people worry about their other decisions?"
This discussion has been archived. No new comments can be posted.

State of Colorado Calls Firefox Insecure, IE6 Safe

Comments Filter:
  • by Anonymous Coward

    The Education Property has been increased to 128 characters due to popular demand.

    That is all.

    • by PIBM (588930) on Thursday March 05, 2009 @05:49PM (#27083037) Homepage

      I tried to leave a comment :

      Server Error in '/SKILLS' Application.
      Object reference not set to an instance of an object.
      Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

      Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

      Source Error:

      An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

      Stack Trace:

      [NullReferenceException: Object reference not set to an instance of an object.]
            Skills.Suggestion.doTheSend() in C:\Documents and Settings\qeuc34\My Documents\Visual Studio 2005\Projects\Skills\Skills\Suggestion.aspx.vb:137
            Skills.Suggestion.sendEmailLink_Click(Object sender, EventArgs e) in C:\Documents and Settings\qeuc34\My Documents\Visual Studio 2005\Projects\Skills\Skills\Suggestion.aspx.vb:127
            System.Web.UI.WebControls.LinkButton.OnClick(EventArgs e) +90
            System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument) +76
            System.Web.UI.WebControls.LinkButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +7
            System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +11
            System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +177
            System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1746

      Version Information: Microsoft .NET Framework Version:2.0.50727.1433; ASP.NET Version:2.0.50727.1433

      LOL ?!?

    • EDUCATION:
      I got a B.S. in computer science at Crazy Go Nuts University, and learned about security, including browsers. And let me tell y

  • by Hatta (162192) on Thursday March 05, 2009 @05:44PM (#27082969) Journal

    I'd be writing a nasty email right now.

  • by Anonymous Coward
    something i made back in middle school with Frontpage. Credible sources spouting uneducated banter about things they SHOULD know about and having a website look like THAT? they should be ashamed
  • That's just bad (Score:5, Interesting)

    by AKAImBatman (238306) * <akaimbatman@gmail.cFREEBSDom minus bsd> on Thursday March 05, 2009 @05:47PM (#27083009) Homepage Journal

    Well, I'm impressed. I tried to send them a message telling them that they're morons. (Though in a more polite manner.) They got right back to me with this message:

    Server Error in '/SKILLS' Application.

    Object reference not set to an instance of an object.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

    Source Error:

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

    Stack Trace:

    [NullReferenceException: Object reference not set to an instance of an object.]
          Skills.Suggestion.doTheSend() in C:\Documents and Settings\qeuc34\My Documents\Visual Studio 2005\Projects\Skills\Skills\Suggestion.aspx.vb:137
          Skills.Suggestion.sendEmailLink_Click(Object sender, EventArgs e) in C:\Documents and Settings\qeuc34\My Documents\Visual Studio 2005\Projects\Skills\Skills\Suggestion.aspx.vb:127
          System.Web.UI.WebControls.LinkButton.OnClick(EventArgs e) +90
          System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument) +76
          System.Web.UI.WebControls.LinkButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +7
          System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +11
          System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +177
          System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1746

    Version Information: Microsoft .NET Framework Version:2.0.50727.1433; ASP.NET Version:2.0.50727.1433

    I love how the site is:

    A) Being run off of someone's desktop. Out of their My Documents folder, no less.
    B) Gives up the username of the machine without so much as a "how do you do"
    C) Shows the world that our amazing admin can't even hack it at C#

    I should check the IIS version. I have a sneaky suspicion that it's not up to date. Or maybe take a cue from Bobby Tables and throw some SQL injection attacks [xkcd.com] at the site. :-/

  • I'm from Colorado. Most of the time I feel the State Government here is on crack. If I write them an email using Thunderbird, I wonder if it would be rejected because it didn't come via Outlook?

  • by dark404 (714846) on Thursday March 05, 2009 @05:49PM (#27083033)
    What do you expect from a state who uses 128 characters to describe a perspective hire's education.
    The Education Property has been increased to 128 characters due to popular demand. Thanks for your patience.
  • If not, then I'd be a little annoyed if I had to use the site. If it does, then what's the problem? Just ignore the notice and go about your business.

    Seriously, is this the kind of "news" that passes as a slashdot article now?
    • by Aelyew (14580) on Thursday March 05, 2009 @05:55PM (#27083161)

      Actually the site doesn't work whether you're using Internet Explorer or Firefox. It looks worse with Firefox because they are using some of the non-standard display tags that cause components to overlap if using a standards compliant browser. Regardless of the browser used, the result is the same: failure.

  • It has been decided

    I wonder who decided that? Does their name start with 'Micro' and end with 'Soft'?

  • ... has an answer to "Why is the sky blue?". It's mostly right, without being informative at all. Of course, I saw that with Firefox, so maybe it'd have been a lot better of an answer if I'd used IE 6+.

  • by esocid (946821) on Thursday March 05, 2009 @05:50PM (#27083065) Journal
    Must use IE. Windows is unsafe. FF is not.

    Head asplodes.
  • And while you're there, don't use OS X, Linux, iPhone or anything other than windows to access this site, because they're all unsafe because they don't use IE6.
  • Another reason (Score:3, Insightful)

    by citricshooter (159349) on Thursday March 05, 2009 @05:53PM (#27083119)
    From their FAQ: "Can I use Firefox or another Browser? No! For security reasons, and some significant processing issues as well, the only supported Browser is Internet Explorer Release 6 or later." I suspect the processing issues are the real reasons and they are trying to scare people into not using Firefox so they don't get the phone calls about their site not working.
  • PEBKAC (Score:4, Informative)

    by Devil's BSD (562630) on Thursday March 05, 2009 @05:55PM (#27083159) Homepage

    Well, they're mostly wrong, but partially right. All things considered, the biggest security risk isn't the web browser used, it's the incompetent organic mass between the keyboard and the chair.

    It still amazes me how many people really think they're the 1,000,000th visitor to a site, and that they've actually won something because of it.

  • by symes (835608) on Thursday March 05, 2009 @05:55PM (#27083177) Journal
    From the site:

    "Questions and Answers"

    "Can I use Firefox or another Browser?"

    "No! For security reasons, and some significant processing issues as well, the only supported Browser is Internet Explorer Release 6 or later."

    "What if I have a Skill that isn't listed?"

    "The "Suggestion" tool enables you to communicate directly with the Administrators. We will research your proposed Skill with your input and agreement."

    I'd like to learn how to make web pages. Think I might see if I can tap these guys expertise. Anyone else fancy coming along?

  • Mozilla (Score:5, Interesting)

    by zogger (617870) on Thursday March 05, 2009 @05:56PM (#27083183) Homepage Journal

    Mozilla is an actual bona fide business allied with google among others, and as such I hope they sue the living snot out of that agency for making such a public claim. This sort of thing is no freakin joke. If they do, I would be interested to see what comes out in discovery with the actual human bureaucrats involved in setting this policy and posting that.

  • by Anonymous Coward on Thursday March 05, 2009 @05:57PM (#27083213)

    So now Colorado thinks they're smarter than the feds?

    Not long ago the DHS said to avoid IE and use firefox for security reasons.
    http://www.google.com/search?q=dhs+avoid+ie

  • by terminalhype (971547) on Thursday March 05, 2009 @06:29PM (#27083747)

    Message from the State Chief Information Officer
    Michael Locatis, State CIO
    "As the Chief Information Officer for the State of Colorado, my role is to provide the momentum and strategy for wide-ranging activities from promoting high end research and development of cutting edge technologies to creating strategies for service delivery supporting the day to day operations for the State of Colorado - thereby making a difference in the lives of the people of Colorado and delivering Governor Ritter's 'Colorado Promise'."

    http://www.govtech.com/pcio/articles/386146 [govtech.com]
    Colorado Gov. Bill Ritter and CIO Mike Locatis Launch IT Consolidation
    Aug 21, 2008
    Before his Cabinet appointment in Colorado, he was CIO of Denver, where he showed his centralization skills (and caught Ritter's attention) by consolidating 20 separate municipal and county departments into a single, citywide IT agency. It's also where Locatis learned how fragmented the state's IT systems were.

    "It was while I was working in local government that the issues surrounding state IT were immediately apparent because they impacted how services were delivered at the local level," he said.

    Before becoming a public-sector CIO, Locatis was the senior director of enterprise technology strategy for Time Warner Cable Inc., part of Time Warner Inc., a Fortune 50 company and the country's largest entertainment firm. Locatis honed his skills at aligning customer-service delivery systems, standardizing desktop capabilities and managing tech and support teams for huge enterprise resource planning applications.

    Despite Locatis' knowledge of the state's IT systems' problems, he wasn't expecting the mammoth job he faced. "It was significantly siloed and fragmented IT delivery, which was a root cause of a lot of the issues - including inefficiencies, a lack of leveraging an enterprise approach and just about every [IT] department in the state doing its own thing," he said.

  • by Joe Snipe (224958) on Thursday March 05, 2009 @06:31PM (#27083783) Homepage Journal

    The state of colorado made attempts to be "ahead" of the curve when it came to an online presence (see also denvergov.com [denvergov.com] and the atrocity that is netfile [state.co.us]; we were one of the first states to have online tax filing). Unfortunately they hired people who knew ass all about javascript (or proper DB handling) and no one knew enough to stop it in it's infancy. Now it has snowballed into something too costly to replace and too borked to simply repair.
    I imagine someone told some user that ff was a security risk, rather than go into the technical details of why the site falls to crap on browser it was never tested for. Eventually, through what I like to call "the wiki effect" that same information got passed back as fact to the current web coders who promptly put up a notice to inform their end users.

    Even still, fail.

  • HTML compliance (Score:3, Interesting)

    by Tubal-Cain (1289912) on Thursday March 05, 2009 @06:40PM (#27083927) Journal
    That site looks horrible. Ironically, according to the W3C's "Markup Validation Service" it has 21 errors [w3.org] with it's HTML. Less than Google's homepage [w3.org].
  • Context (Score:3, Insightful)

    by MrZaius (321037) on Friday March 06, 2009 @06:06AM (#27089119) Homepage

    Given that their site is down at the moment, rendering their explanation unavailable, I'd like to point out that there is a rational argument to be made for the notion that using preinstalled and patched IE installs instead of a third party browser can increase security. I disagree with it (based on a number of factors expressed elsewhere in this thread), but it's a good argument:

    You increase the number of potential security holes on a workstation by increasing the number of installed applications. Your sysadmin is responsible for both maintaining and securing IE and Firefox, and is unable to uninstall the former. This, thank God, goes away in Windows 7. In the meantime, however, you can still disable and cripple IE in a way that limits its exposure - It's just more work than most Windows-heavy, Microsoft-ceritified admins are willing to do as doing so often strips them of their preferred choice, and the tools that they've been heavily trained in locking down and adapting to their local networks. If understaffed and underfunded, forcing IE usage may actually be the right call for some agencies and offices.

    Still no excuse for any IE6 or earlier builds being used in the wild.

"In matters of principle, stand like a rock; in matters of taste, swim with the current." -- Thomas Jefferson

Working...