IE Security Risks

"Cookiejacking"

Internet Explorer Bug Allows Hackers to Steal Facebook Credentials

 

I thought IE9 (on Win7) would be different.

 

Security researcher (Sophos) slams Microsoft over IE9 malware blocking stats.

 

Best flaw ever, how often do users undress people online?:

I think most users will be pretty safe.

 

Idiot Exploiter scores again! Well done! Still no goldfish ...

Cookie Hijacking Vulnerability In Internet Explorer

 

This has some more detail.

The researcher had informed MS before the release of IE9 but the patch appeared to have been circumvented.

I'm not sure it would be worth concluding that "most users will be pretty safe."

 

Thanks for the info, but as far as I can see, it still involves duping:

I assume the reason he got this was because his friends actually trust him and therefor play the game, where as a random malicious person might have a harder time.

 

IE Flaw Could Allow Hackers Access to your Facebook, Gmail, Twitter Accounts

 

Microsoft downplays IE 'cookiejacking' bug

This is a bit disgusting. Why don't they just fix it?

 

OT posts removed

 

Where is it stated they aren't going to fix it?

Which is perfectly true. Unless you're suggesting they should be pushing out a minimally tested fix for a complex flaw that can barely be used?

 

So far most of the publicly available reaction from MS and its self-appointed "agents" is to downplay the severity. I remember how some people were repeatedly insistent that Google need to fix this, that, and the other when Vupen claimed to have breached Chrome's sandbox.

Surely we should have the same high standards for all security issues.

I'm not qualified to suggest that they "should be pushing out a minimally tested fix for a complex flaw that can barely be used". Nor am I qualified to issue statements trivializing the issue. I wish the publicists would be as honest.

 

Yes, Google DO need to fix it, just like Microsoft NEED to fix this. If they don't they will simply lose users (me included) and their attempt to fix their damaged track record will have been for nothing. What I was discussing is it's urgency. What you were incorrectly assuming is that it wasn't going to get fixed, even thought no form of "it won't get fixed" statement was mentioned anywhere in the article. The similar issue was fixed during IE9s beta phase, they have no reason not to fix it now.

 

Don't assume anything on my behalf. I did not like the way the issue was being downplayed.

 

My apologies.