IE Security Risks

Discussion in 'other security issues & news' started by PJC, May 27, 2011.

Thread Status:
Not open for further replies.
  1. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
  2. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
  3. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Best flaw ever, how often do users undress people online?:

    I think most users will be pretty safe. ;)
     
  5. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,029
    Location:
    Lloegyr
  6. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    This has some more detail.

    The researcher had informed MS before the release of IE9 but the patch appeared to have been circumvented.

    I'm not sure it would be worth concluding that "most users will be pretty safe."
     
  7. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Thanks for the info, but as far as I can see, it still involves duping:

    I assume the reason he got this was because his friends actually trust him and therefor play the game, where as a random malicious person might have a harder time.
     
  8. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
  9. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
  10. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    OT posts removed
     
  11. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Where is it stated they aren't going to fix it?

    Which is perfectly true. Unless you're suggesting they should be pushing out a minimally tested fix for a complex flaw that can barely be used?
     
  12. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    So far most of the publicly available reaction from MS and its self-appointed "agents" is to downplay the severity. I remember how some people were repeatedly insistent that Google need to fix this, that, and the other when Vupen claimed to have breached Chrome's sandbox.

    Surely we should have the same high standards for all security issues.

    I'm not qualified to suggest that they "should be pushing out a minimally tested fix for a complex flaw that can barely be used". Nor am I qualified to issue statements trivializing the issue. I wish the publicists would be as honest.
     
  13. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Yes, Google DO need to fix it, just like Microsoft NEED to fix this. If they don't they will simply lose users (me included) and their attempt to fix their damaged track record will have been for nothing. What I was discussing is it's urgency. What you were incorrectly assuming is that it wasn't going to get fixed, even thought no form of "it won't get fixed" statement was mentioned anywhere in the article. The similar issue was fixed during IE9s beta phase, they have no reason not to fix it now.
     
  14. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Don't assume anything on my behalf. I did not like the way the issue was being downplayed.
     
  15. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    My apologies.
     
Loading...
Thread Status:
Not open for further replies.