State of Colorado Calls Firefox Insecure, IE6 Safe

linuxkrn writes "The State of Colorado's Office of Technology (OIT) has set up a work skills website. The problem is that the site says 'DO NOT use FIREFOX or other Browsers besides IE. It has been decided that Mozilla based, non-IE browsers pose a security risk.' (Original emphasis from site.) If the leading IT agency for the State is making these uneducated claims, should the people worry about their other decisions?"

Re:If I were from colorado..

[djh101010]

A more sensible approach might involve writing a well spoken, coherent, concise email. No reason to come across as a raving nutter - if someone is considering the "angry rant" approach, I'd suggest that perhaps what they are doing, is the opposite of help.

Another reason

[citricshooter]

From their FAQ: "Can I use Firefox or another Browser? No! For security reasons, and some significant processing issues as well, the only supported Browser is Internet Explorer Release 6 or later." I suspect the processing issues are the real reasons and they are trying to scare people into not using Firefox so they don't get the phone calls about their site not working.

Re:The site looks like...

[Anonymous Coward]

something i made back in middle school with Frontpage.

Go to http://www.coworkforce.com/ and check the page source...

Re:Attention all personnel

[Anonymous Coward]

He at least knew enough to be dangerous and change the default of hiding stack trace information when an unhandled exception occurs.

Re:firefox and mac

[PIBM]

The correct comparison would be this.

Gun #1: Kills each and every gunman when they don't expect it. You are not even pressing the trigger. But you sure as hell do know they kill the gunman.

Gun #2: You know that a gunman can be killed once in a while, but when it happens somebody will deliver you with upgraded guns preventing it from happening again in a small amount of time.

TY, I'll keep FF

Re:firefox and mac

[h4rr4r]

Ok, so explain why apache is less exploited than IIS. It is used far more.

Your little idea is cute and has been proposed by many before, and just like then it is wrong.

Also you should investigate your keyboard it seems to be broken.

Re:Yes and no

[h4rr4r]

Build your own firefox installer with whatever changes you need and then make an msi and distribute that.

This is so easy even a windows admin can do it.

Re:Attention all personnel

[cromar]

Whadya wanna bet it's in VB, too. Backwards institutions seem to love VB.NET!

Re:That's just bad

[jamie]

I should check the IIS version. I have a sneaky suspicion that it's not up to date. Or maybe take a cue from Bobby Tables and throw some SQL injection attacks at the site.

No, you really should not do that.

Sheesh...

Re:Who's on first?

[Tubal-Cain]

Use Safari, Chrome, or Opera!

Re:But does the site still WORK with Firefox?

[Chabo]

To be fair, writing .NET code in VB is exactly the same as writing it in C# -- compile them both and you get CIL code. Although I agree that these guys are likely incompetent, it's not fair to say "anyone who writes in VB is incompetent at programming".

Re:Attention all personnel

[rachit]

Interesting... stack trace displays are turned off by default from remote sites when using ASP.NET for security reasons. They had to explicitly turn them on to display this.

I doubt they are the best people to tell others about security...

Re:The site looks like...

[Adriax]

Very poor odds. Working for a similar state government agency I can tell you the process probably involved atleast 10 weekly or monthly meetings to outline the basic content, a 2 month review process on the outline documentation for the page layout, a 6 month bidding process from prospective contractors to create the webpage, another couple months for a cost/benefit analysis, with the final decision that a frontpage license and either a new permanent position or an expansion of duties amendment (with associated raise) to one of their high up IT people would be the answer. Total time to create that webpage, probably a year and a half to two years.

Re:Attention all personnel

[jgarra23]

Yea, their site is FAIL on so many levels. The least of which is their lack of a custom error page...

Re:Who's on first?

[Zumbs]

No, no, no! Use Lynx!

Re:If I were from colorado..

[Anonymous Coward]

Based on the speed at which things can get fixed by what are normally lumbering juggernauts when they are seen and reacted to by a million people on the Internet, I'd suggest that ten thousand angry rants are often much more effective than hundreds of extremely well spoken, coherent, concise emails.

In this case, a massive spew of vitriolic bile targetting squarely at the fools behind that miserably borked IIS site seems warranted, and is likely to be more effective than some pansy-assed coherent "Dear Sirs, I am writing to engage in a discussion concerning what appear to be some personal biases toward the fine products that Microsoft Corporation produces and their manifestation in a minor slight against Firefox, another fine product, on your web blah blah blah..."

Fuck that. Hoist the pitchforks! Ignite the torches! Geek wrath power ON!

Re:If I were from colorado..

[a_nonamiss]

Why are you linking that stuff here? You think anyone from and IT department that lauds the security of IE6 actually reads Slashdot? ;)

Re:Attention all personnel

[theshowmecanuck]

No no no YOUR comment shows YOUR ignorance.

Re:The site looks like...

[quacking duck]

Lest people think only government wastes monumental time and effort towards something relatively trivial, Microsoft spent a full year working on a feature one of its developers claims could've been done in a week [blogspot.com].

It's a paradox of project management--too many stakeholders or dependencies, and you're going to bog down in red tape. Too few means that no one cares what your project is and won't waste their time helping you, and it'll never see the light of day. Finding a balance is difficult at best in any large organization.

It gets worse

[ahziem]

The home page has double HTML tags (and is in designed in FrontPage 6.0). Years ago, I reported the double HTML tags to the web master, but he said it wasn't feasible to fix.

Who takes advice from these people? :)

Yeah right.

[jotaeleemeese]

People like these bozos can insult our intelligence and we all are supposed to act politely and rationally.

I say that a few hundreds or thousands rabid replies from aggravated individuals would do wonders.

Sometimes politeness is seriously overrated...

Context

[MrZaius]

Given that their site is down at the moment, rendering their explanation unavailable, I'd like to point out that there is a rational argument to be made for the notion that using preinstalled and patched IE installs instead of a third party browser can increase security. I disagree with it (based on a number of factors expressed elsewhere in this thread), but it's a good argument:

You increase the number of potential security holes on a workstation by increasing the number of installed applications. Your sysadmin is responsible for both maintaining and securing IE and Firefox, and is unable to uninstall the former. This, thank God, goes away in Windows 7. In the meantime, however, you can still disable and cripple IE in a way that limits its exposure - It's just more work than most Windows-heavy, Microsoft-ceritified admins are willing to do as doing so often strips them of their preferred choice, and the tools that they've been heavily trained in locking down and adapting to their local networks. If understaffed and underfunded, forcing IE usage may actually be the right call for some agencies and offices.

Still no excuse for any IE6 or earlier builds being used in the wild.