Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

State of Colorado Calls Firefox Insecure, IE6 Safe

timothy posted more than 5 years ago | from the sheeps'-bladders-may-be-used-to-prevent-earthquakes dept.

Security 530

linuxkrn writes "The State of Colorado's Office of Technology (OIT) has set up a work skills website. The problem is that the site says 'DO NOT use FIREFOX or other Browsers besides IE. It has been decided that Mozilla based, non-IE browsers pose a security risk.' (Original emphasis from site.) If the leading IT agency for the State is making these uneducated claims, should the people worry about their other decisions?"

cancel ×

530 comments

Sorry! There are no comments related to the filter you selected.

Attention all personnel (2, Funny)

Anonymous Coward | more than 5 years ago | (#27082963)

The Education Property has been increased to 128 characters due to popular demand.

That is all.

Re:Attention all personnel (5, Funny)

PIBM (588930) | more than 5 years ago | (#27083037)

I tried to leave a comment :

Server Error in '/SKILLS' Application.
Object reference not set to an instance of an object.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[NullReferenceException: Object reference not set to an instance of an object.]
      Skills.Suggestion.doTheSend() in C:\Documents and Settings\qeuc34\My Documents\Visual Studio 2005\Projects\Skills\Skills\Suggestion.aspx.vb:137
      Skills.Suggestion.sendEmailLink_Click(Object sender, EventArgs e) in C:\Documents and Settings\qeuc34\My Documents\Visual Studio 2005\Projects\Skills\Skills\Suggestion.aspx.vb:127
      System.Web.UI.WebControls.LinkButton.OnClick(EventArgs e) +90
      System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument) +76
      System.Web.UI.WebControls.LinkButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +7
      System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +11
      System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +177
      System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1746

Version Information: Microsoft .NET Framework Version:2.0.50727.1433; ASP.NET Version:2.0.50727.1433

LOL ?!?

Re:Attention all personnel (3, Interesting)

amclay (1356377) | more than 5 years ago | (#27083081)

I just tried in all sections. I ended up leaving a message with the Gov. Perhaps the webmaster didn't know anything about web programming?

Re:Attention all personnel (3, Insightful)

Anonymous Coward | more than 5 years ago | (#27083341)

He at least knew enough to be dangerous and change the default of hiding stack trace information when an unhandled exception occurs.

Re:Attention all personnel (5, Funny)

Shatrat (855151) | more than 5 years ago | (#27083435)

Skills.Suggestion.doTheSend()

Priceless. 'send()' would have been a boring name for that function.

First Hosea wins Top Chef instead of an actual chef, and now this.
I hate Colorado now.

Re:Attention all personnel (5, Funny)

Jogar the Barbarian (5830) | more than 5 years ago | (#27083043)

EDUCATION:
I got a B.S. in computer science at Crazy Go Nuts University, and learned about security, including browsers. And let me tell y

Re:Attention all personnel (0)

Anonymous Coward | more than 5 years ago | (#27083361)

I will see your "Crazy Go Nuts University," and raise you a "No But I Stayed At a Holiday Inn Last Night!"

Re:Attention all personnel (1, Funny)

Anonymous Coward | more than 5 years ago | (#27083449)

Fighting
And sometimes striving
Wondering
What the dumple is
Excellence
And what is valor?
And The Cheat
Will hit stuff with a golf club
C-G-N-U! [youtube.com]

Your First Premise Is Wrong: +1, Informative (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#27083309)

There is NO State of Colorado because there is NO U.S.A.

The U.S.A. has collapsed.

Yours In Communism,
Kilgore Trout [youtube.com]

If I were from colorado.. (2, Informative)

Hatta (162192) | more than 5 years ago | (#27082969)

I'd be writing a nasty email right now.

Re:If I were from colorado.. (5, Insightful)

djh101010 (656795) | more than 5 years ago | (#27083017)

A more sensible approach might involve writing a well spoken, coherent, concise email. No reason to come across as a raving nutter - if someone is considering the "angry rant" approach, I'd suggest that perhaps what they are doing, is the opposite of help.

Here's How to contact them (5, Informative)

Anonymous Coward | more than 5 years ago | (#27083127)

Email:

oit@state.co.us

Phone:

303-866-6060

Fax:

303-866-6454

US Mail:

Governor's Office of Information Technology

1580 Logan St., Suite 200

Denver,CO 80203

Re:If I were from colorado.. (5, Funny)

Anonymous Coward | more than 5 years ago | (#27083301)

Obviously the correct approach is to send them a link to a special web page that will infect their computer if using IE. Once you've taken over their computer, you can use it to change their policies to supporting Firefox.

Re:If I were from colorado.. (4, Informative)

Thelasko (1196535) | more than 5 years ago | (#27083317)

Contact information is here. [colorado.gov] Don't try to contact them using the link in the summary, it doesn't work.

Re:If I were from colorado.. (0)

Anonymous Coward | more than 5 years ago | (#27083393)

I was going to suggest using the Angry Rant approach to send an email agreeing with their decision.

Re:If I were from colorado.. (5, Informative)

Anonymous Coward | more than 5 years ago | (#27083443)

Secunia states that Firefox3 has less critical issues:
http://secunia.com/advisories/product/19089/ [secunia.com]

While IE6 and IE7 have moderate problems. Making IE less secure:
http://secunia.com/advisories/product/11/ [secunia.com]
http://secunia.com/advisories/product/12366/ [secunia.com]

Firefox3 also has only 1 issue unpatched, while IE6 has 22 open issues.

Two words... (0)

Anonymous Coward | more than 5 years ago | (#27083291)

Altitude sickness.

I AM from colorado.. (1)

WindBourne (631190) | more than 5 years ago | (#27083295)

and will be voting out Ritter as long as the neo-cons are not ran again.

Why? (4, Funny)

Greyfox (87712) | more than 5 years ago | (#27083559)

I can just drive down there and slap them in person...

The site looks like... (2, Interesting)

Anonymous Coward | more than 5 years ago | (#27082995)

something i made back in middle school with Frontpage. Credible sources spouting uneducated banter about things they SHOULD know about and having a website look like THAT? they should be ashamed

Re:The site looks like... (1, Insightful)

Anonymous Coward | more than 5 years ago | (#27083123)

something i made back in middle school with Frontpage.

Go to http://www.coworkforce.com/ and check the page source...

Re:The site looks like... (5, Informative)

Camann (1486759) | more than 5 years ago | (#27083311)

Relevant text in case of site slashdotted:
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta name="GENERATOR" content="Microsoft FrontPage 6.0" >
<meta name="ProgId" content="FrontPage.Editor.Document" >
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252" >
<title>Welcome to The Colorado Department of Labor and Employment</title>
<link rel=stylesheet href="/commoncomponents/contentstyles.css" type="text/css">
</head>

That's just bad (5, Interesting)

AKAImBatman (238306) | more than 5 years ago | (#27083009)

Well, I'm impressed. I tried to send them a message telling them that they're morons. (Though in a more polite manner.) They got right back to me with this message:

Server Error in '/SKILLS' Application.

Object reference not set to an instance of an object.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[NullReferenceException: Object reference not set to an instance of an object.]
      Skills.Suggestion.doTheSend() in C:\Documents and Settings\qeuc34\My Documents\Visual Studio 2005\Projects\Skills\Skills\Suggestion.aspx.vb:137
      Skills.Suggestion.sendEmailLink_Click(Object sender, EventArgs e) in C:\Documents and Settings\qeuc34\My Documents\Visual Studio 2005\Projects\Skills\Skills\Suggestion.aspx.vb:127
      System.Web.UI.WebControls.LinkButton.OnClick(EventArgs e) +90
      System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument) +76
      System.Web.UI.WebControls.LinkButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +7
      System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +11
      System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +177
      System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1746

Version Information: Microsoft .NET Framework Version:2.0.50727.1433; ASP.NET Version:2.0.50727.1433

I love how the site is:

A) Being run off of someone's desktop. Out of their My Documents folder, no less.
B) Gives up the username of the machine without so much as a "how do you do"
C) Shows the world that our amazing admin can't even hack it at C#

I should check the IIS version. I have a sneaky suspicion that it's not up to date. Or maybe take a cue from Bobby Tables and throw some SQL injection attacks [xkcd.com] at the site. :-/

Re:That's just bad (4, Funny)

interkin3tic (1469267) | more than 5 years ago | (#27083035)

Maybe they're not morons, maybe it's just that the entire state is on the cutting edge of the latest trolling fads? Like, it's so good at trolling that I can't think of how the joke is on everyone, so...

My head hurts, colorado wins again...

Re:That's just bad (3, Funny)

CannonballHead (842625) | more than 5 years ago | (#27083079)

I wonder if the website was hacked already and its a fake ;) :)

Re:That's just bad (1)

neowolf (173735) | more than 5 years ago | (#27083153)

I just did the same thing... What a f*cking joke.

Re:That's just bad (1)

hansamurai (907719) | more than 5 years ago | (#27083157)

For being hosted off of someone's machine, they're doing quite well for being posted on Slashdot.

Re:That's just bad (5, Funny)

castorvx (1424163) | more than 5 years ago | (#27083211)

On the plus side, his workstation is about to get an HTTP benchmark.

Re:That's just bad (4, Funny)

xrayspx (13127) | more than 5 years ago | (#27083215)

Were you using IE to send your comment?

Re:That's just bad (1, Informative)

Anonymous Coward | more than 5 years ago | (#27083223)

The Skills IT developer is staying more true to form and using VB.

See: Suggestion.aspx.vb

Re:That's just bad (5, Informative)

Gwala (309968) | more than 5 years ago | (#27083241)

It's not being run off someones desktop - the developer in question forgot to turn debug symbols off. Debug symbols in .NET include sourcecode filenames and line numbers on Windows.

Re:That's just bad (3, Funny)

Anonymous Coward | more than 5 years ago | (#27083517)

This is from the site headers:

HTTP/1.1 200 OK
Date: Thu, 05 Mar 2009 22:06:53 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 7454

I love how they have the office web server extensions enabled. Ouch.

Slashdotted before FP! (1)

ecklesweb (713901) | more than 5 years ago | (#27083359)

What's bad is that you managed to single-handledly introduce the amazing admin to the slashdot effect.

Re:That's just bad (0)

Anonymous Coward | more than 5 years ago | (#27083405)

I've reported your hack attempt to the department of homeland security.

Re:That's just bad (1)

Fulcrum of Evil (560260) | more than 5 years ago | (#27083575)

Maybe qeuc34 is an app user account. Probably not, but maybe.

Colorado (1)

neowolf (173735) | more than 5 years ago | (#27083013)

I'm from Colorado. Most of the time I feel the State Government here is on crack. If I write them an email using Thunderbird, I wonder if it would be rejected because it didn't come via Outlook?

It's easy mmmkay (0)

Anonymous Coward | more than 5 years ago | (#27083025)

They would say that, the site is written in ASP.NET.

What do you expect... (5, Funny)

dark404 (714846) | more than 5 years ago | (#27083033)

What do you expect from a state who uses 128 characters to describe a perspective hire's education.
The Education Property has been increased to 128 characters due to popular demand. Thanks for your patience.

Re:What do you expect... (4, Funny)

Gat0r30y (957941) | more than 5 years ago | (#27083527)

Teachers here in CO often have bumper stickers proclaiming: Welcome to Colorado, 49th in funding for schools. Perhaps there is a correlation, then again, I was educated exclusively in this state so maybe I'm just an idiot.

I learnt something today - Time Line (0, Troll)

inthedump (1484859) | more than 5 years ago | (#27083041)

OMG I learnt something today!! 10:00 AM *runs off to uninstall Firefox and other Mozilla browsers 10:05 AM *fires up the most secure browser IE 10:05 AM * oh crap!! my computer is INFESTED with a zillion viruses :((

.Net error when submitting feedback (1)

volfreak (555528) | more than 5 years ago | (#27083051)

It seems that the OIT can't even get a .Net application to properly handle feedback. Upon submitting, I get "Server Error in '/SKILLS' Application. Object reference not set to an instance of an object." That really instills confidence in their 'decision'!

But does the site still WORK with Firefox? (1)

dfm3 (830843) | more than 5 years ago | (#27083053)

If not, then I'd be a little annoyed if I had to use the site. If it does, then what's the problem? Just ignore the notice and go about your business.

Seriously, is this the kind of "news" that passes as a slashdot article now?

Re:But does the site still WORK with Firefox? (5, Informative)

Aelyew (14580) | more than 5 years ago | (#27083161)

Actually the site doesn't work whether you're using Internet Explorer or Firefox. It looks worse with Firefox because they are using some of the non-standard display tags that cause components to overlap if using a standards compliant browser. Regardless of the browser used, the result is the same: failure.

Re:But does the site still WORK with Firefox? (1)

Chabo (880571) | more than 5 years ago | (#27083173)

Can I use Firefox or another Browser?

No! For security reasons, and some significant processing issues as well, the only supported Browser is Internet Explorer Release 6 or later.

Re:But does the site still WORK with Firefox? (1)

snl2587 (1177409) | more than 5 years ago | (#27083591)

No! For security reasons, and some significant processing issues as well, the only supported Browser is Internet Explorer Release 6 or later.

So I'm to assume they don't know the difference between client-side and server-side scripting?

Nice quote (1)

SnarfQuest (469614) | more than 5 years ago | (#27083061)

It has been decided

I wonder who decided that? Does their name start with 'Micro' and end with 'Soft'?

The Decider (2, Funny)

janeuner (815461) | more than 5 years ago | (#27083117)

He decided.

Re:Nice quote (3, Funny)

inthedump (1484859) | more than 5 years ago | (#27083143)

Maybe their size is "Micro" and its always "Soft".

Re:Nice quote (1)

CannonballHead (842625) | more than 5 years ago | (#27083193)

Uh, very doubtful. More likely, it was the same person that can't even program a feedback thing correctly, and is running their webserver from My Documents ...

This really doesn't have a whole lot to do with Microsoft or IE. This is an "ignorant person" story. Unless you have some link of where MS said Firefox was unsafe, as well as all non-IE browsers?

Re:Nice quote (1)

fuzzyfuzzyfungus (1223518) | more than 5 years ago | (#27083459)

A correlation has been observed between situations in which the passive voice has been utilized, and utter asshattery.

Their FAQ page... (1)

gardyloo (512791) | more than 5 years ago | (#27083063)

... has an answer to "Why is the sky blue?". It's mostly right, without being informative at all. Of course, I saw that with Firefox, so maybe it'd have been a lot better of an answer if I'd used IE 6+.

Re:Their FAQ page... (1)

residieu (577863) | more than 5 years ago | (#27083479)

Because it isn't green?

Who's on first? (4, Funny)

esocid (946821) | more than 5 years ago | (#27083065)

Must use IE. Windows is unsafe. FF is not.

Head asplodes.

Windows only? (1)

Leibel (768832) | more than 5 years ago | (#27083091)

And while you're there, don't use OS X, Linux, iPhone or anything other than windows to access this site, because they're all unsafe because they don't use IE6.

Why the assumption that the claims are uneducated? (0, Redundant)

Blakey Rat (99501) | more than 5 years ago | (#27083101)

For all we know, there's been a piece of malware in a Firefox add-in or something and their concern is valid. Benefit of the doubt.

Re:Why the assumption that the claims are uneducat (0)

Anonymous Coward | more than 5 years ago | (#27083205)

For all we know, there's been a piece of malware in a Firefox add-in or something and their concern is valid. Benefit of the doubt.

Except of course Microsoft would not even try to claim IE6 is more secure than Firefox. Heck for all you know someone has a piece of Malware in an Active-X plugin . (Which is a lot more likely than your scenario)

Re:Why the assumption that the claims are uneducat (1)

h4rr4r (612664) | more than 5 years ago | (#27083231)

So perhaps there is an issue with Firefox vs the known issues with IE6.
That seems like some crappy logic there slick.

Re:Why the assumption that the claims are uneducat (1)

neowolf (173735) | more than 5 years ago | (#27083269)

Based on the look-and-feel of the site, and the great error message (already posted by someone else) if you try to send them feedback- I'd say they are completely uneducated.

It honestly looks like the site was done using the first version of FrontPage, on a very-poorly configured IIS that appears to be running on someone's desktop.

The really sad thing this is supposed to be for the Colorado State "Office of Information Technology". I live in Colorado, and this is REALLY embarrassing.

Another reason (3, Insightful)

citricshooter (159349) | more than 5 years ago | (#27083119)

From their FAQ: "Can I use Firefox or another Browser? No! For security reasons, and some significant processing issues as well, the only supported Browser is Internet Explorer Release 6 or later." I suspect the processing issues are the real reasons and they are trying to scare people into not using Firefox so they don't get the phone calls about their site not working.

PEBKAC (3, Informative)

Devil's BSD (562630) | more than 5 years ago | (#27083159)

Well, they're mostly wrong, but partially right. All things considered, the biggest security risk isn't the web browser used, it's the incompetent organic mass between the keyboard and the chair.

It still amazes me how many people really think they're the 1,000,000th visitor to a site, and that they've actually won something because of it.

Re:PEBKAC (5, Funny)

residieu (577863) | more than 5 years ago | (#27083601)

Yeah, you're not really a winner until you successfully punch the monkey.

"It has been decided" (2, Interesting)

Banichi (1255242) | more than 5 years ago | (#27083165)

I love seeing statements like this from nominal authority figures.

'Look on my works, ye Mighty, and despair!'

Re:"It has been decided" (2, Funny)

Qzukk (229616) | more than 5 years ago | (#27083305)

I'm despairing, all right.

Re:"It has been decided" (0)

Anonymous Coward | more than 5 years ago | (#27083415)

Yes, Microsoft Works has that effect on me.

Re:"It has been decided" (1)

blueZ3 (744446) | more than 5 years ago | (#27083503)

So Colorado's OIT hired Ozymandias?

Contact info for OIT (4, Informative)

XenonOfArcticus (53312) | more than 5 years ago | (#27083169)

Re:Contact info for OIT (1, Informative)

Anonymous Coward | more than 5 years ago | (#27083397)

you don't need to go that far ... just click "need help" and see all the pretty email addresses in the drop down boxes - i guess they weren't getting enough spam already ...

From the site (4, Funny)

symes (835608) | more than 5 years ago | (#27083177)

From the site:

"Questions and Answers"

"Can I use Firefox or another Browser?"

"No! For security reasons, and some significant processing issues as well, the only supported Browser is Internet Explorer Release 6 or later."

"What if I have a Skill that isn't listed?"

"The "Suggestion" tool enables you to communicate directly with the Administrators. We will research your proposed Skill with your input and agreement."

I'd like to learn how to make web pages. Think I might see if I can tap these guys expertise. Anyone else fancy coming along?

Re:From the site (1)

CannonballHead (842625) | more than 5 years ago | (#27083271)

I wouldn't mind learning how to write English so well, especially capitalization. I have a tendency to capitalize Proper Nouns even if they aren't really Proper Nouns at all, but just normal Nouns. Oh Well. I Guess it Fits Well with my 128 character Education History, Too?

Re:From the site (1)

blueZ3 (744446) | more than 5 years ago | (#27083469)

This is a Government Thing, like the noun, descriptor naming conventions

When I was in the Army, I had a really, really green 2nd Lt. tell me that he wanted a drawing of the company arms room (armory) that showed where everything was located. I tried to talk him out of it, as it was a 15x30 room with open racks that were all visible from anywhere in the room and a single set of locked cabinets. He insisted.

So I painstakingly drew up a "map" of the room using all the correct terminology: rack, weapons, upright rifle holding, M-16/M203; rack, weapons, upright pistol holding, M-9; desk, field portable

When the captain came by and asked me what I was working on, I showed him and got my revenge. :-)

firefox and mac (-1)

circletimessquare (444983) | more than 5 years ago | (#27083179)

have an aura of being more secure than ie or microsoft, simply because they have been tested less than ie or microsoft, simply because they have less market penetration, and therefore less hackers aim their minds at firefox or mac than at ie or microsoft. in other words, ie and microsoft are more "battlehardened" than firefox or mac

if you were a general in a war, and you had to choose between two guns, and

gun #1: backfires and kills the gunman every 1,000 rounds, as proven by solid combat use

gun #2: backfires and kills the gunman every unknown number of rounds, unproven in combat use

you tend to choose gun #1. because you are a GENERAL, which is a type of bureaucrat, which is a person who is extremely conservative and careful. you are not the r&d department

this is the thinking of the bureaucrats in colorado, who, like all government figureheads, are extremely conservative careful and slow on the uptake. as they SHOULD be. it is not the job of government to suggest the less battle tested. that is your job

just make sure you have enough wisdom that you don't expect a bureaucrat to act like a progressive. sorry, not in the job description. you will nowhere on the face of this earth find a government mandarin who is risk taking and countercultural and daring in their thinking

therefore, the error is not in the official word of the state of colorado. the error is yours: expecting a government figurehead to be a progressive influence

Re:firefox and mac (0)

Anonymous Coward | more than 5 years ago | (#27083363)

Because several million compared to several million isn't 'tested and tried'

Re:firefox and mac (0, Offtopic)

Xerolooper (1247258) | more than 5 years ago | (#27083381)

have an aura of being more secure than ie or microsoft, simply because they have been tested less than ie or microsoft, simply because they have less market penetration, and therefore less hackers aim their minds at firefox or mac than at ie or microsoft. in other words, ie and microsoft are more "battlehardened" than firefox or mac

if you were a general in a war, and you had to choose between two guns, and

gun #1: backfires and kills the gunman every 1,000 rounds, as proven by solid combat use

gun #2: backfires and kills the gunman every unknown number of rounds, unproven in combat use

you tend to choose gun #1. because you are a GENERAL, which is a type of bureaucrat, which is a person who is extremely conservative and careful. you are not the r&d department

this is the thinking of the bureaucrats in colorado, who, like all government figureheads, are extremely conservative careful and slow on the uptake. as they SHOULD be. it is not the job of government to suggest the less battle tested. that is your job

just make sure you have enough wisdom that you don't expect a bureaucrat to act like a progressive. sorry, not in the job description. you will nowhere on the face of this earth find a government mandarin who is risk taking and countercultural and daring in their thinking

therefore, the error is not in the official word of the state of colorado. the error is yours: expecting a government figurehead to be a progressive influence

Mod Parent up +1 insightful

Re:firefox and mac (3, Insightful)

PIBM (588930) | more than 5 years ago | (#27083403)

The correct comparison would be this.

Gun #1: Kills each and every gunman when they don't expect it. You are not even pressing the trigger. But you sure as hell do know they kill the gunman.

Gun #2: You know that a gunman can be killed once in a while, but when it happens somebody will deliver you with upgraded guns preventing it from happening again in a small amount of time.

TY, I'll keep FF

Re:firefox and mac (4, Insightful)

h4rr4r (612664) | more than 5 years ago | (#27083417)

Ok, so explain why apache is less exploited than IIS. It is used far more.

Your little idea is cute and has been proposed by many before, and just like then it is wrong.

Also you should investigate your keyboard it seems to be broken.

Re:firefox and mac (4, Interesting)

Qzukk (229616) | more than 5 years ago | (#27083451)

The site does not say "firefox may not be secure" they're saying "firefox poses a security risk". One of them is a statement of fact that they do nothing to back up, the other one is an opinion which may or may not be valid, but is theirs to hold.

I wonder if what they meant was "our site looks like crap in firefox so please don't use it". Or maybe by "poses a security risk" they mean "the secret fields we spent hours figuring out how to hide behind other stuff refuses to stay hidden in firefox, so using it is a risk to OUR security".

Re:firefox and mac (0)

Anonymous Coward | more than 5 years ago | (#27083567)

Dear Microserf,

Stop smoking the shredded Vista cases and step away from the keyboard.

Because gun #1 uses non-standard ammo and parts ... so the General would say "F#%K that! I'm giving my soldiers a standardized weapon that is unproven in combat but has had great field trials and responses from combat troops in live fire exercises."

Re:firefox and mac (1)

Fulcrum of Evil (560260) | more than 5 years ago | (#27083651)

you tend to choose gun #1.

No, you requisition some guns, get manufacturers to submit bids and test their samples. Then you screw it up anyhow by not shipping cleaning kits with the version 1 of whatever you choose.

ie and microsoft are more "battlehardened" than firefox or mac

Yeah right. IE is swiss cheese and I won't use it period. FF leaks memory, but it doesn't have any serious exploits that I've run into, despite being at a probable 10-20% marketshare.

Mozilla (5, Interesting)

zogger (617870) | more than 5 years ago | (#27083183)

Mozilla is an actual bona fide business allied with google among others, and as such I hope they sue the living snot out of that agency for making such a public claim. This sort of thing is no freakin joke. If they do, I would be interested to see what comes out in discovery with the actual human bureaucrats involved in setting this policy and posting that.

It's a trap! (1)

retroStick (1040570) | more than 5 years ago | (#27083187)

So IE was the more secure browser all along! Why didn't I see this twist coming?! Everyone stop using Firefox NOW! Mozilla are lulling us into a false sense of security!

Come back IE, all is forgiven...

That's the opposite of what the DHS said (4, Interesting)

Anonymous Coward | more than 5 years ago | (#27083213)

So now Colorado thinks they're smarter than the feds?

Not long ago the DHS said to avoid IE and use firefox for security reasons.
http://www.google.com/search?q=dhs+avoid+ie

April Fool's? (1)

oddball33 (1406731) | more than 5 years ago | (#27083225)

Isn't it a little early for an April Fool's joke? If they're serious, then they must have been smoking something really good.

You'll find that government employees aren't tops (0)

Anonymous Coward | more than 5 years ago | (#27083251)

It's almost inevitable that the private sector is going to get better (read: more qualified, more motivated) employees than public agencies. There are any number of reasons for this, but here are a couple, in no particular order:

Lack of positive motivation. Government employees are not driven to innovate or excel, in fact quite the opposite. Usually any "boat rocking" is severely frowned upon and "not invented here" syndrome was indeed invented there. When the excellence is recognized and rewarded the same as the mediocrity, eventually everyone sinks to the LCD.

Lack of negative motivation. Basically, a government employee is on the dole. Because of union protections and government policies, these people cannot be fired, even for cause, without jumping through a series of hoops that only a lawyer could love. (See California's recent budget crisis as an example: even when the State COULD NOT PAY they were not allowed to lay anyone off) When someone can sit around and screw off without worrying about consequences, all too often they will.

Mindset. People who take government positions tend to value stability over all. This is the type of job where you won't get rich or become well known, but you'll also never get laid off or have to take risks.

You can almost see the little wheels turning inside a State employee's/sys admin's head: "Nobody ever got a promotion for choosing something new and better--Nobody ever got fired for choosing IE--Firefox is 'risky' "

Nothing to see here. Move along.

Blue sky! (0)

Anonymous Coward | more than 5 years ago | (#27083255)

http://www.coworkforce.com/Skills/faq.aspx

one of the FAQ's is why is the sky blue

also note the radio buttons for the questions.

Seems they don't know how to layout it for firefox (1)

roguegramma (982660) | more than 5 years ago | (#27083307)

Seems they don't know how to layout it for firefox ..

MUST.. not.. RESET.. everyones PASSWORD for.. THEIR.. EID..

Figures (1)

supersloshy (1273442) | more than 5 years ago | (#27083337)

This does kinda seem obvious since they have "Why is the Sky Blue" [coworkforce.com] listed as a FAQ question of all things.

Firefox still has a ways to go (0, Offtopic)

imemyself (757318) | more than 5 years ago | (#27083357)

While it doesn't look like this is why Colorado is trying to discourage people form using FF, there are some big reasons why its difficult to securely deploy FF in organizations.

Namely, the fact that Mozilla *still*, for some amazing reason, refuses to release an official MSI version of Firefox. Even though its one of the most requested features/changes. Yes, I'm aware that there are a few third parties that repackage Firefox as an MSI. But if they ever want Firefox to be adopted by larger organizations they have to make it easy to deploy and administer an official version of Firefox. Without an MSI, there is no easy way to update Firefox on a large number of computers without going from computer to computer and logging in as an administrator. That's an unacceptable solution in most organizations (at least ones that have a clue and don't give all users local admin rights).

Re:Firefox still has a ways to go (1)

h4rr4r (612664) | more than 5 years ago | (#27083475)

Build your own, numbnuts.
If you can't do that you don't deserve even a windows admin job.

Yes and no (1)

Pagey123 (1278182) | more than 5 years ago | (#27083383)

Part of my day job consists of administering a small Active Directory domain (25 nodes). And of course I can craft all sorts of nifty GPOs to control the behavior of IE on the clients within the domain. So, from that point of view, one might be able to argue that IE is in fact "more secure". Or, more controllable, perhaps.

Now, I'd personally prefer to have FF on all the clients and have FF controlled via a GPO, but to my knowledge that is not possible. If it is, someone please point me in that direction.

Re:Yes and no (2, Insightful)

h4rr4r (612664) | more than 5 years ago | (#27083543)

Build your own firefox installer with whatever changes you need and then make an msi and distribute that.

This is so easy even a windows admin can do it.

Re:Yes and no (1)

Pagey123 (1278182) | more than 5 years ago | (#27083607)

That's an excellent idea! Though it would be nice if you could use a GPO to make changes "on the fly," so to speak. Our core processor use a certain web based app that simply refuses to work with a couple of GPO settings, and it's nice to be able to turn those on/off without reinstalling any software. But I just don't see MS designing in control for FF.

What an epic fail (1)

jmorris42 (1458) | more than 5 years ago | (#27083409)

Not only is the site horrible broken, poorly designed, etc. The home link goes somewhere that doesn't exist.

The feedback form is broken and there isn't a working email address anywhere to be found on the site.

EPIC FAIL!

The only hope would be that it hasn't really gone live yet and that looks like the most probable explanation. Strip away the URL to the main server and there isn't an obvious link to /Skills/* to be found.

Remember who we're dealing with here ... (0)

Anonymous Coward | more than 5 years ago | (#27083437)

"Gentlemen, congratulations. You're everything we've come to expect from years of government training. ..." (Zed, "Men in Black")

Another IE fan who does not know... (1)

dysmey (1165035) | more than 5 years ago | (#27083577)

how easy it is to add the User Agent Switcher to Firefox and set Firefox up to pretend it is IE6.

But then, anyone who does know would not entrust any kind of data to someone's unguarded desktop workstation (as opposed to, say, a firewalled server). It doesn't speak well, not just to the IE fan but also to the State of Colorado for being so cheap as to hire him in the first place and make him use his workstation as a OIT server.

The Firefox warning has been removed (1)

cnock (163362) | more than 5 years ago | (#27083619)

Looks like they just took the Firefox derision off the page. Way to go Slashdot!

Stupid is as stupid does. (1)

geekmux (1040042) | more than 5 years ago | (#27083655)

No, no, no, you guys are getting it all wrong. Firefox does not pose a security risk, Firefox IS the security risk, you see? This setup is so screwed that a Firefox 2 browser with a handful of plugins could probably bring it down.

THAT is what they fear and warn against.

In the meantime, please feel free to use the rather benign (and broken) IE6 to your hearts content. After all, Windows products can't hack Windows servers, right?

Uh, right?

In other news... (1)

Daswolfen (1277224) | more than 5 years ago | (#27083667)

... the entire State of Colorado's network shutdown today when every machine became infected with Trojan.BHO. When asked what was the source of the rampant spread of the trojan, the network administrator was at a loss because the state only allows Internet Explorer.

In related news, Colorado has begun issuing IOUs for state income tax refunds because the entire treasure was transferred to Nigeria in what the Office of Technology has determined is a sound investment.

Group Policy Settings (1)

spinkham (56603) | more than 5 years ago | (#27083669)

Honestly, IE 7 is not much less safe then Firefox, and can be locked down via Windows group policy. I can understand how Firefox can be considered a security risk, as this sort of group settings changing is more difficult.

IE 6 is another story, and should be put out to pasture as soon as possible.

I'm no lover of Microsoft or IE in particular, but I can understand this decision. But please, really, let IE 6 die...

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?