Microsoft Internet Explorer (tm) Security
By Craig Brougher
|I just received this note from MSN, warning me that I am at risk on the Internet when I do the following things:
> As with any software used with the Web, most security problems can
> generally be avoided by following just a few simple precautions:
> Do not open attachments or use links in e-mail from persons you do
> not know. (It's OK to read the messages, just don't "click" on any
> objects in them.)
> Do not respond to e-mail that requests personal identifiable
> information such as your MSN password, credit card number, telephone
> number, social security number, or driver's license number.
> Do not send e-mail that contains personal information to anyone you
> are unfamiliar with or unsure about.
> Patronize only businesses that offer order forms that are encrypted
> to protect your confidential information when shopping or conducting
> other business transactions over the Internet.
If I am not mistaken, they are telling their subscribers that _if_ they shop on the Internet, they are in serious danger of being ripped off, intruded upon, or "digitally challenged" in some other way that is not very nice. They also did not even address the scenario by Ron Yost in regard to "Form" viruses as a result of using the MSN Internet Explorer. To me, their reply smacks of politics, and lacks conscientiousness and honesty. Their warning would apply to ANY search engine, seems to me.
They say that unless credit cards and order forms are encrypted, that no kind of shopping is safe. I wonder how anybody would know their order was safe anyway, even if vendor makes the _claim_ that the order is encrypted? Can't encryption can be almost anything, legally? What is a legal definition of "encryption?" (You take White-Out and block every third letter on the screen!)
Then, we read this:
> While the potential for problems is very limited, downloading the
> patch is the most effective way to eliminate any future concerns.
If the problem therefore is "the vulnerability of the Internet," presently, then how is it that by downloading a "fix" that MSN Explorer subscribers will be able to "correct" the consumer fraud and other unmentionable problems too horrible to think of or bother with? You might say that these messages are one more reason I stay rather confused and tend to play it _very_ safe.
When nobody will really tell me the rules, then I don't get into their game.
[ The simple definition: Encrypted data is so difficult to decipher
[ that it is not worth the effort. The responsibility for secure
[ transmission lies with the sender; the data must be encrypted before
[ it leaves your computer. Unless you, the sender, hold control of a
[ certified system, your data is not secure from intercept. If someone
[ says his security system is foolproof, and invites you to use it,
[ make him post a liability bond !
[ Like Craig says, be sensible and be safe, and assume your messages are
[ monitored by bad guys. If you must send sensitive data somewhere
[ (like a credit card number) use the postal service. The Internet is
[ just as vulnerable as the telephone and fax machine. -- Robbie
(Message sent Wed 19 Mar 1997, 00:04:12 GMT, from time zone GMT.)