I wonder what an Internet Explorer 0-day does for these people? Maybe that's all they had? Is it supposed to be a "sign" to us that they are capable of developing exploits?
Surely no security researcher would open a link in IE as their "burner browser"?
I remember IE was required for the South Korean government issued digital certificate (required for all internet-based retail transactions and likely others).
I guess I had assumed that the standard was compatible with newer versions of Windows or MS browsers. Really sad if it isn’t.
For some things in SK you have to download a bunch of weird proprietary government .exe's that seem to only run in conjunction with specific combinations of windows and IE. I was pretty shocked when my wife and I went to get our marriage certificate from the government, and going to get our marriage certificate was finding an old windows NT system at her college library that everyone used to do their government related .exe stuff. We had to download 2 or 3 apps to do it, I'm not even sure what they all did, just a bunch of programs you had to run in a specific order, some of them provided iFrame type windows to logins, it was really strange.
I wonder why they needed an active x control for that. TLS/SSL client certificates have been supported by all browsers since basically forever, going back even further than active x.
If I had to guess, HTTPS / SSL was governed by US export restrictions above a certain strength so S Korea managed to use the existing extensibility built into the browser the government wanted to support.
Yes, I roughly understand the limitations of the existing implementation. but it is not the only browser or platform and it’s not like the S Korean government is not capable of noticing the market share / cybersecurity trends of the past decade+.
If Microsoft suddenly disabled all IE installations in South Korea, they'd have no choice but to change. Sometimes I wonder if the Apple-style "this just won't work at all anymore" attitude isn't that bad.
It has its places, given the correct trade-off, it works well. Not allowing flash was good because iOS was a growing market with no preexisting businesses relying on flash on iOS to work.
Not in SK, but in China
Here basically all banks require ActiveX, and if you don't have an Windows computer(Mac), what you can do is to use their app, which of course is super sluggish.
My understanding (not sure how accurate or up-to-date) is that Windows still opens some file formats using Internet Explorer (possibly depending on other OS/domain settings). The Windows Help File (.chm) or something similar comes to mind.
Also worth pointing out that security researchers targeting specific platforms/applications (say a specific version of older Windows where one particular organization has applications which require a specific version of IE) might be a valuable stack for the researcher to spend time on.
That said, those stacks/environments should be treated like a meth lab: you want to be very careful what you do with it and it shouldn’t be commingled with where you live and play.
Edge is Microsoft's new browser that is based on Chromium. It is distinct from Internet Explorer which is effectively deprecated but still used somewhat widely as many legacy enterprise applications still require it.
Surely no security researcher would open a link in IE as their "burner browser"?