Thursday, November 02, 2006

Dept of Homeland Stupidity

US-CERT, the government's computer security arm, is responding to news that a Microsoft application may be exploitable.

Until an official update, patch, or more information becomes available, we recommend the following actions to help mitigate the security risks:

* Review the workarounds described in Microsoft Security Advisory 927709.
* Disable ActiveX as specified in the Securing Your Web Browser document and the Malicious Web Scripts FAQ.
* Do not follow unsolicited links.
* Review the steps described in Microsoft's document to improve the safety of your browser.

What terrible, terrible advice; for all the use this is, you might as well ask consumers to unplug their computers from the internet.
  1. Asking a user to read technical documents is just asinine. I don't even understand most of them and I do this full time!
  2. If users are following unsolicited web links in 2006 then they probably aren't reading alerts from US-CERT anyway.
  3. Providing users with instructions on how to break their browser without explaining what the consequences are really just takes the cake.

If this is a legitimate government function, they would be much more effective explaining what exploits are available in the wild or providing some other educational service. Recommending a bunch of counter-productive, destructive nonsense isn't providing anyone any value.

