Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

More Security Hiccups For IE


  • Please log in to reply
4 replies to this topic

#1 Scarlett

Scarlett

    Bleeping Diva


  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:09:09 AM

Posted 18 November 2004 - 09:58 AM

Microsoft's Internet Explorer has become a turkey shoot for flaw finders. By Robert Lemos CNET News.com November 17, 2004 This week, three more vulnerabilities were found in version 6 of the software giant's flagship Web browser, security information provider Secunia said on Wednesday. That brings the total number of IE vulnerabilities disclosed in the past two months to 19, including eight flaws fixed by Microsoft during its October patch cycle. The latest flaws were found by two different researchers, Secunia said. Two could be used together to allow malicious content to bypass an mechanism in Microsoft Windows XP Service Pack 2 that alerts people about potentially harmful programs, Secunia stated. The third vulnerability could be used to overwrite the cookies of a trusted site to hijack a Web session, if the site handles authentication in an insecure manner, according to that advisory.
Posted Image

BC AdBot (Login to Remove)

 


#2 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:09:09 AM

Posted 18 November 2004 - 10:57 AM

This sort of thing ceases to be news after a short while. I note that according to some reports, the security problems even arise in SP2. I suppose that, at some point or another, MS will get around to fixing them---maybe this month, maybe next, well SOMETIME.

And MS has a hissy fit because these holes are published on the web---gee that means since it is public, someone at MS has to work past 5 to fix it...or maybe if they wait enough monthly updates, it will go away.

Here is a company with billions of dollars in cash in some money room, and they can't get things fixed in a decent time. All those programmers are sitting in that room counting the money, I gues, instead of fixing their bloated and insecure code.

*RANT RANT RANT*

Cheers,
John
Whereof one cannot speak, thereof one should be silent.

#3 Scarlett

Scarlett

    Bleeping Diva

  • Topic Starter

  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:09:09 AM

Posted 18 November 2004 - 11:06 AM

:flowers: Well said!!!! :thumbsup:
Posted Image

#4 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:09:09 AM

Posted 18 November 2004 - 06:19 PM

Well, here is a company that set out to "own" the web and the OS. They made IE a part of their OS, so it has to be on your computer for Windows to work. They were quite happy when this agenda sent Netscape into the nether regions of computerdom, quite happy to put IE on a "set it and forget it" development track, and quite happy to mouth---when they were backed up to a wall---a trustworthy computing slogan.

However, their response to fixing the dominant browser they forced on their customers has been extremely slow and halfhearted. When they actually bothered to create a patch, and the patches came almost weekly, they changed to a monthly patch---was this to make things easier for the user, or was it another case of them pulling the wool over everyone's eyes so they didn't notice the number of security issues that came up every month?
Then MS decided that XP needed to be on everyone's system, since only half of the Windows users ran the newest version. DESPITE their prior written commitment to support other OS (and IE) past the "normal" life cycle, they abruptly did an about face and recently indicated that IE patches would be issued for XP systems only. And if, for example, you wanted to have a popup blocker for IE (you know, something useful and modern like Mozilla has) then it was included in SP2. The other 50 percent of IE users could go sc*w themselves.

*Rants some more*

Cheers,
John
Whereof one cannot speak, thereof one should be silent.

#5 Scarlett

Scarlett

    Bleeping Diva

  • Topic Starter

  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:09:09 AM

Posted 18 November 2004 - 06:28 PM

That is what really gets to me. Is the fact that XP is not a valid choice regarding a safe OS eiether. SP2 seems to have nothing but problems since it was released. Conflicts, security etc. whatever. How do they sleep at night? Patch after patch after patch. When will it ever end? I still have ME. And I'm gonna stick with it as long as I am able. I refuse to bow down to the demigod Gates-Microsoft!!!!
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users