Internet Explorer becomes Korean election issue
Microsoft’s Internet Explorer market share may soon take a tumble in South Korea if presidential candidate Ahn Cheol-soo wins looming elections. The hot seat hopeful plans to abolish an anachronistic government crypto standard which has effectively locked users into Internet Explorer for over a decade. At the tail end of the …
... not the only one.
There are some public bodies, here in the UK, that are not just locked into IE, but to IE6, because the bespoke apps written in the "naughties", won't be updated. The firm responsible, knowing they have said body over a barrel, are pushing for an outrageous fee to update.
(As an aside, it appears, finally, that the management are going to 'do something', not because of the MASSIVE security flaws us in IT have been pounding into their skulls over the last few years, but because various sites 'don't look right'.... *sigh*)
Now is the Time...
NOW IS THE TIME FOR ALL GOOD MEN AND WOMEN TO COME TO THE AID OF THEIR COUNTRY!!!! NOW is the time to depose crypto and certificates that stymie home-grown startups that dearly do not want to use IE, Windows, or only one browser.
Why they did it
At the tail end of the 1990s, the Korean government decided in its wisdom to develop a home-grown 128-bit SSL encryption standard to increase security around e-commerce.
They didn't choose to do this out of vanity. US export restrictions prevented versions of IE with 128-bit encryption from being distributed to Korea, 64-bit was known to be compromised and ActiveX was a reasonable solution to a big problem then.
Re: Why they did it
"ActiveX was a reasonable solution to a big problem then"
ActiveX has always been a big problem
Fixed
Re: Why they did it
"US export restrictions prevented versions of IE with 128-bit encryption from being distributed to Korea,"
So, don't use IE would seem to be a better solution.
Re: Why they did it
"So, don't use IE would seem to be a better solution."
The same export restrictions also applied to the other browser of the time: Netscape and there was no workaround for it at the time. So, the decision at the time was either use ActiveX and have encryption or don't use ActiveX and have no encryption.
There has since been plenty of time to start moving towards using 128-bit https encryption in the browser, but changes like this have very high inertia: you have to maintain both systems while you migrate customers. And, once developers have got used to a monoculture, they are even more resistant to change which, let's face it, is not required by the job in hand and is going to incur considerable costs. Of course, it is exactly to avoid this kind of lock-in that people advocate open standards.
Re: Why they did it
Yes, but even back then it was known that if you enforce a technology you must first publicly document it. Enforcing the use of some age old ActiveX "plugin" which only exists in binary form was, even by 1990s standards, stupid.
Re: Why they did it
Wouldn't Java have done the job too?
"home-grown 128-bit SSL encryption standard"
So it's secure unless the government want to have a look thru that built-in back door?
Just saying.
@Proud Father
Considering the US Gov via the NSA provides "official" encryption standards like DES and AES, this should be obvious to all. Taken with the fact they use alternative methods for encrypting their own comms should highlight the built in back door even more.
Re: @Proud Father
AES was chosen after an international public competition and was designed by two Belgian cryptographers (Joan Daemen and Vincent Rijmen).
Amazing
So they turned to IE and ActiveX for security?
Wow. Just wow.
My boss...
turned to the NetBIOS Frames protocol http://en.wikipedia.org/wiki/NetBIOS_Frames_protocol for security!
He claimed it's not routable and therefore secure.
Re: My boss...
Not as daft as it sounds, really. Well, daft from a usability standpoint, but not running IP on your network would certainly prevent the usual hacks. But it'd be simpler to not use the 'net in the first place.
Sent using NetWare 3.13
