IE7 Vulnerability Discovered 386
slidersv writes "Not 24 hours after the release of IE7, Secunia reports Internet Explorer Arbitrary Content Disclosure Vulnerability. So much for the "you wanted it easier and more secure" slogan found on Microsoft's IE Website."
Browsers are just too complex (Score:5, Insightful)
As end users, how much of browser bloat do we really need?
I think there was a slashdot story asking for feature requests for firefox recently. my main request is this please:
less of everything
Its already at the case where im starting to notice how long it takes firefox to start. Sometimes more features does not mean better. Its like anything, cars, mobile phones, TVs, they all have major feature bloat.
I found it actually impossible to buy a new mobile *without* internet access. Its insane. i remember when you didnt have an animated 'startup' screen for your phone, because the damned things just switched on.
Feature bloat -> just say no
Not much of a surprise (Score:3, Insightful)
Active Scripting (Score:2, Insightful)
Re:Firefox (Score:2, Insightful)
Re:Old exploit (Score:2, Insightful)
Re:This is news??? (Score:4, Insightful)
Re:Browsers are just too complex (Score:5, Insightful)
While I agree with your No Bloat argument, you neglected an oft overlooked reason that IE contains all these "features", and it's not web developers. It's application developers. There are a slew of vertical market applications that many small to midsize companies are using, where the developer has dropped, or maybe never had, its own user interface, in favor of using IE and ActiveX controls. Insurance brokerages, medical practices, law firms and more, all of them have large, commercial, expensive applications available to them for running their businesses, and many of them are IE based. IE in these cases is just the front end to data stores running on everything from SQL Server on Intel to AIX on Power to whatever. Many times with no Internet connectivity at all.
MSFT can't just disable, drop or change these features, because doing so could break an enter business. So they just pile up more and more code into an already chaotic program.
Helllloo? (Score:5, Insightful)
But, don't forget that if you strip away too much, you'll end up with Lynx. Some people like at least images and css, you know?
Re:Browsers are just too complex (Score:5, Insightful)
You would lose that wager. 80%+ of the technology that makes web browsers tick is required just to show you a blasted web page. The standardized APIs allow a good way for JavaScript to then make those pages interactive. Not too many sites are JavaScript-free these days.
What I think you're trying to say, is that features above and beyond the W3C standards are:
1. Not useful
2. Poor attempts at lockin
3. Dangerous
If Microsoft would just stick to the bloody standards, we'd all be better off. Unfortunately, they're still in 1995 mode, trying to beat Netscape at their own propertization game. It wouldn't surprise me if the requests for DOM 2 Events support were STILL ignored in this "final" release of IE7. *grumble* And Microsoft thinks developers will like them because of this?
FYP (Score:3, Insightful)
Re:Firefox (Score:2, Insightful)
That should not affect security! (Score:1, Insightful)
Surely it must be possible to structure the system so that the threat caused by any application going crazy/malicious, can be contained?
This is the system architecture issue that is wider than just a browser.
There will always be issues (Score:4, Insightful)
I mind much less IE's security than IE's compliance to w3 standards. now THAT is annoying. having constantly to create two versions of your code. one for the compliant browsers and then one for IE.
For some reason, the suits at MS thinks that because lots of people use their software they have a moral obligation to tell people what the standards should be. Ok...I know IE7 is not as bad... but its still bad
Re:"Suprise, Suprise, Suprise" -- Gomer Pyle. (Score:3, Insightful)
Not poor programmers? (Score:3, Insightful)
Re:Old exploit (Score:5, Insightful)
Re:Let's be fair (Score:5, Insightful)
Re:Browsers are just too complex (Score:4, Insightful)
I just want a phone. to make and recieve calls. I dont even text.
I know I know, Im old.
Re:Vista RC2 (Score:2, Insightful)
Re:Come on (Score:2, Insightful)
Uhm, hello!?
Using this hole any arbitrary website you visit can request pages from arbitrary other websites *through your browser*, that means including sites to which you may be logged in at the time. For example, your bank account, paypal account, ebay account. They don't even *need* to steal your password if you still have open sessions at sites that matter...
I rather fail to see how this is "not really dangerous at all"!
Re:Firefox (Score:3, Insightful)
He has made 291 comments in the past. He has a number of fans and a number of freaks. He has made comments that some people like and some people don't like, and no matter what he stands for it, by using his account. You're a coward because you make trollish comments and don't have the balls to stand for what you say. You're worried that some people might use your comments against you in a future discussion, or you're worried that this might harm your karma.
The difference? He's a man that's not afraid to stand by what he said, you're a small boy that runs around a creates a mess and then blames some one else. If you have any sort of backbone and not a spine made of jello, you should reveal your username. No? I figured you wouldn't.
Re:Actually, what's wrong with http? its overloade (Score:1, Insightful)
Seriously, get with the fucking program - the people have spoken and this is what they want. No one gives a fuck all about HTTP being for text only. Shut up or get off.
Re:Let's be fair (Score:3, Insightful)
Its not true (Score:3, Insightful)
Re:two words (Score:5, Insightful)
Re:two words (Score:5, Insightful)
I love it when people in the cake decorating industry post to slash dot.