Back in December, I wrote about Cisco’s 2009 Security Threat Report and made the comment that application whitelisting was “the patch for the common user”. My point was a simple one: we cannot stop our people from accessing resources, and instead we should focus on stopping the real threat: the payload.
Yesterday, Stan Schroeder at Mashable wrote a great blog about the French and German governments strongly urging users to stop using Internet Explorer and to use other browsers like Safari and Firefox. The recommendation was made because of a similar vulnerability in Internet Explorer 6, 7, and 8 that allows malicious hackers to remotely execute arbitrary code.
I do not want to cause an international incident (especially with countries that I love to ski in), but I think the recommendation is shortsighted and purely based on the status quo mentality of reactive responses to the du jour threats. Continue reading this post…