Feeds

back to article Internet Explorer becomes Korean election issue

Microsoft’s Internet Explorer market share may soon take a tumble in South Korea if presidential candidate Ahn Cheol-soo wins looming elections. The hot seat hopeful plans to abolish an anachronistic government crypto standard which has effectively locked users into Internet Explorer for over a decade. At the tail end of the …

COMMENTS

This topic is closed for new posts.

... not the only one.

There are some public bodies, here in the UK, that are not just locked into IE, but to IE6, because the bespoke apps written in the "naughties", won't be updated. The firm responsible, knowing they have said body over a barrel, are pushing for an outrageous fee to update.

(As an aside, it appears, finally, that the management are going to 'do something' not because of the MASSIVE security flaws, us in IT have been pounding into their skulls over the last few years, but various sites 'don't look right'.... *sigh*)

8
0
Bronze badge

Now is the Time...

NOW IS THE TIME FOR ALL GOOD MEN AND WOMEN TO COME TO THE AID OF THEIR COUNTRY!!!! NOW is the time to depose crypto and certificates that stymie home-grown startups that dearly do not want to se IE, windows, or only one browser.

0
0
Silver badge
Stop

Why they did it

At the tail end of the 1990s, the Korean government decided in its wisdom to develop a home-grown 128-bit SSL encryption standard to increase security around e-commerce.

They didn't choose to do this out of vanity. US export restrictions prevented versions of IE with 128-bit encryption from being distributed to Korea, 64-bit was known to be compromised and ActiveX was a reasonable solution to a big problem then.

10
0
Anonymous Coward

Re: Why they did it

"ActiveX was a reasonable solution to a big problem then"

ActiveX has always been a big problem

Fixed

6
0
Silver badge

Re: Why they did it

"US export restrictions prevented versions of IE with 128-bit encryption from being distributed to Korea,"

So, don't use IE would seem to be a better solution.

6
2
Silver badge

Re: Why they did it

So, don't use IE would seem to be a better solution.

The same export restrictions also applied to the other browser of the time: Netscape and there was no workaround for it at the time. So, the decision at the time was either use ActiveX and have encryption or don't use ActiveX and have no encryption.

There has since been plenty of time to start moving towards using 128-bit https encryption in the browser but changes like this have very high inertia: you have to maintain both systems while you migrate customers. And, once developers have got used to a monoculture they are even more resistant to change which, let's face it, is not required by the job in hand and is going to incur considerable costs. Of course, it is exactly to avoid this kind of lock in that people advocate open standards for.

1
0
Silver badge

Re: Why they did it

Yes, but even back then it was known that if you enforce a technology you must first publicly document it. Enforcing the use of some age old ActiveX "plugin" which only exists in binary form was, even by 1990s standards, stupid.

0
0
Silver badge
Holmes

Re: Why they did it

Wouldn't Java have done the job too?

0
0
Mushroom

" home-grown 128-bit SSL encryption standard"

So it's secure unless the government want to have a look thru that built-in back door?

Just saying.

2
0
Anonymous Coward

@Proud Father

Considering the US Gov via the NSA provides "official" encryption standards like DES and AES, this should be obvious to all. Taken with the fact they use alternative methods for encrypting their own comms should highlight the built in back door even more.

2
1

Re: @Proud Father

AES was chosen after an international public competion and is designed by two Belgian cryptographers (Joan Daemen and Vincent Rijmen)

3
0
Bronze badge
Facepalm

Amazing

So they turned to IE and ActiveX for security?

Wow. Just wow.

6
0
Silver badge

My boss...

turned to the NetBIOS Frames protocol http://en.wikipedia.org/wiki/NetBIOS_Frames_protocol for security!

He claimed it's not routable and therefore secure.

0
0
Anonymous Coward

Re: My boss...

Not as daft as it sounds, really. Well, daft from a usability standpoint, but not running IP on your network would certainly prevent the usual hacks. But it'd be simpler to not use the 'net in the first place.

Sent using NetWare 3.13

1
0
Mushroom

Microsoft

...innovators of the web - MY ARSE!

1
0
This topic is closed for new posts.