UK.gov unmoved by Internet Explorer 6 security concerns

Google, NHS cast off exploited browser


Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts.

On Friday Google - which was recently the victim of a high-profile attack from hackers understood to be based in China, who exploited code in IE6 - confirmed plans to dump support for old browsers.

From 1 March, Mountain View will turn its back on IE6 for good.

“Many other companies have already stopped supporting older browsers like Internet Explorer 6 as well as browsers that are not supported by their own manufacturers,” noted Google.

“We’re also going to begin phasing out our support, starting with Google Docs and Google Sites. As a result, you may find that from March 1 key functionality within these products - as well as new Docs and Sites features - won’t work properly in older browsers.”

Meanwhile, Lord West of Spithead, who is the parliamentary under-secretary of state at the Home Office, confirmed last week that the UK government was unconcerned about IE’s security flaws.

“Complex software will always have vulnerabilities and motivated adversaries will always work to discover and take advantage of them,” he said in response to a question tabled by Lord Avebury.

“We take internet security very seriously and we have worked with Microsoft and other suppliers over many years to understand the security of the products used by HMG, including Internet Explorer.

“There is no evidence that moving from the latest fully patched versions of Internet Explorer to other browsers will make users more secure. Regular software patching and updating will help defend against the latest threats,” said West.

Avebury, who had asked the government to confirm what talks it had had with its French and German counterparts about security risks of using Internet Explorer, claimed on his blog that parliamentary IT authorities “actively discourage members from using [Google’s web browser] Chrome.”

On 26 January, West retorted that Microsoft’s patch to fix the recent IE vuln, coupled with government departments being issued with a “GovCertUK alert” on how to respond to such exploits in the browser, meant that UK.gov was well-equipped to slap down any potential hack.

“A government user, operating on government systems, such as the Government Secure Intranet (GSi), will benefit from additional security measures, unlikely to be available to the average home computer user. These include tools which actively monitor for evidence of any malicious attacks,” he said.

However, one government department has made it abundantly clear that it has little faith in IE6.

Late last week the Department of Health told NHS trusts whose systems were running on Windows 2000 or XP to switch to version 7 of Microsoft's browser. ®


Other stories you might like

  • Google Pixel 6, 6 Pro Android 12 smartphone launch marred by shopping cart crashes

    Chocolate Factory talks up Tensor mobile SoC, Titan M2 security ... for those who can get them

    Google held a virtual event on Tuesday to introduce its latest Android phones, the Pixel 6 and 6 Pro, which are based on a Google-designed Tensor system-on-a-chip (SoC).

    "We're getting the most out of leading edge hardware and software, and AI," said Rick Osterloh, SVP of devices and services at Google. "The brains of our new Pixel lineup is Google Tensor, a mobile system on a chip that we designed specifically around our ambient computing vision and Google's work in AI."

    This latest Tensor SoC has dual Arm Cortex-X1 CPU cores running at 2.8GHz to handle application threads that need a lot of oomph, two Cortex-A76 cores at 2.25GHz for more modest workloads, and four 1.8GHz workhorse Cortex-A55 cores for lighter, less-energy-intensive tasks.

    Continue reading
  • BlackMatter ransomware gang will target agriculture for its next harvest – Uncle Sam

    What was that about hackable tractors?

    The US CISA cybersecurity agency has warned that the Darkside ransomware gang, aka BlackMatter, has been targeting American food and agriculture businesses – and urges security pros to be on the lookout for indicators of compromise.

    Well known in Western infosec circles for causing the shutdown of the US Colonial Pipeline, Darkside's apparent rebranding as BlackMatter after promising to go away for good in the wake of the pipeline hack hasn't slowed their criminal extortion down at all.

    "Ransomware attacks against critical infrastructure entities could directly affect consumer access to critical infrastructure services; therefore, CISA, the FBI, and NSA urge all organizations, including critical infrastructure organizations, to implement the recommendations listed in the Mitigations section of this joint advisory," said the agencies in an alert published on the CISA website.

    Continue reading
  • It's heeere: Node.js 17 is out – but not for production use, says dev team

    EcmaScript 6 modules will not stop growing use of Node, claims chair of Technical Steering Committee

    Node.js 17 is out, loaded with OpenSSL 3 and other new features, but it is not intended for use in production – and the promotion for Node.js 16 to an LTS release, expected soon, may be more important to most developers.

    The release cycle is based on six-monthly major versions, with only the even numbers becoming LTS (long term support) editions. The rule is that a new even-numbered release becomes LTS six months later. All releases get six months of support. This means that Node.js 17 is primarily for testing and experimentation, but also that Node.js 16 (released in April) is about to become LTS. New features in 16 included version 9.0 of the V8 JavaScript engine and prebuilt Apple silicon binaries.

    "We put together the LTS release process almost five years ago, it works quite well in that we're balancing [the fact] that some people want the latest, others prefer to have things be stable… when we go LTS," Red Hat's Michael Dawson, chair of the Node.js Technical Steering Committee, told The Register.

    Continue reading

Biting the hand that feeds IT © 1998–2021