IE7 Vulnerability Discovered 386
slidersv writes "Not 24 hours after the release of IE7, Secunia reports Internet Explorer Arbitrary Content Disclosure Vulnerability. So much for the "you wanted it easier and more secure" slogan found on Microsoft's IE Website."
two words (Score:5, Funny)
Re:two words (Score:5, Funny)
Re: (Score:2, Informative)
Re:two words (Score:5, Insightful)
I love it when people in the cake decorating industry post to slash dot.
Re:two words (Score:5, Funny)
Brillant Link. (Score:4, Informative)
Paula's Brillant Bean:
http://thedailywtf.com/forums/40043/ShowPost.aspx [thedailywtf.com]
Re: (Score:2)
Re:two words (Score:4, Informative)
blabla.tld.
http://www.google.com/ [google.com]
http://www.google.com./ [www.google.com]
Both work.
Re:two words (Score:5, Funny)
ha ha [imageshack.us]
Re: (Score:3, Informative)
Re: (Score:3, Funny)
Re:two words (Score:5, Insightful)
IE7 Vulnerability Discovered (Score:5, Funny)
Oh Microsoft, what are we going to do with you, eh?
Re:IE7 Vulnerability Discovered (Score:4, Funny)
PGA
Browsers are just too complex (Score:5, Insightful)
As end users, how much of browser bloat do we really need?
I think there was a Slashdot story asking for feature requests for Firefox recently. My main request is this, please:
less of everything
It's already at the case where I'm starting to notice how long it takes Firefox to start. Sometimes more features does not mean better. It's like anything: cars, mobile phones, TVs, they all have major feature bloat.
I found it actually impossible to buy a new mobile *without* internet access. It's insane. I remember when you didn't have an animated 'startup' screen for your phone, because the damned things just switched on.
Feature bloat -> just say no
Re:Browsers are just too complex (Score:5, Funny)
Re: (Score:3, Interesting)
The only reference I could find to an mhtml URI through google (which isn't a vulnerability report) is for HTML email. I've generated multi-part MIME email content and never once came across this type of URI. So if someone could elaborate on why this feature even exists it would be helpful.
Re:Browsers are just too complex (Score:5, Interesting)
I don't think this is the case, because for the most part users don't choose which browser features they use; web sites do that for them.
However, I think the web development model is far too complex, which both causes site developers to create security holes in their applications, and creates many places for security holes to exist in the browser itself.
Re:Browsers are just too complex (Score:5, Insightful)
While I agree with your No Bloat argument, you neglected an oft overlooked reason that IE contains all these "features", and it's not web developers. It's application developers. There are a slew of vertical market applications that many small to midsize companies are using, where the developer has dropped, or maybe never had, its own user interface, in favor of using IE and ActiveX controls. Insurance brokerages, medical practices, law firms and more, all of them have large, commercial, expensive applications available to them for running their businesses, and many of them are IE based. IE in these cases is just the front end to data stores running on everything from SQL Server on Intel to AIX on Power to whatever. Many times with no Internet connectivity at all.
MSFT can't just disable, drop or change these features, because doing so could break an entire business. So they just pile up more and more code into an already chaotic program.
Re: (Score:2, Interesting)
I recently visited the website of a car manufacturer which was full of (I don't want to know which one) cool things to replace the HTML and no kidding (I used my watch), I had between 80 and 200s between the moment I pushed a button and the expected effect (and yes, I was under up-to-date XP/IE6 with a perfectly working 11Mb/s line and it was not at a moment they should be expecting much traffic). The site was of course really nice looking, but it cou
Helllloo? (Score:5, Insightful)
But, don't forget that if you strip away too much, you'll end up with Lynx. Some people like at least images and css, you know?
Parent =/= Troll (Score:2)
FireTroll or TrollFox... nope, just a good idea (Score:2, Informative)
It's a serious point. You could make a lite version. Lots of people would give it a try, me included. And there have already been forks of Firefox, like IceWeasel and Tor Park.
If it were talking about forking IE, it should be labeled "joke". As it's talking about Open Source stuff, it should be "insightful".
Re: (Score:2)
Re:Browsers are just too complex (Score:5, Insightful)
You would lose that wager. 80%+ of the technology that makes web browsers tick is required just to show you a blasted web page. The standardized APIs allow a good way for JavaScript to then make those pages interactive. Not too many sites are JavaScript-free these days.
What I think you're trying to say, is that features above and beyond the W3C standards are:
1. Not useful
2. Poor attempts at lockin
3. Dangerous
If Microsoft would just stick to the bloody standards, we'd all be better off. Unfortunately, they're still in 1995 mode, trying to beat Netscape at their own propertization game. It wouldn't surprise me if the requests for DOM 2 Events support were STILL ignored in this "final" release of IE7. *grumble* And Microsoft thinks developers will like them because of this?
Re: (Score:3, Informative)
Like this: http://www.websiteoptimization.com/speed/tweak/co
Re: (Score:2)
Firefox is gaining acceptance because it's more secure, generally faster, and provides far better support for the newer W3C standards such as CSS2. If you're looking for a small
Re: (Score:2, Funny)
We could call it "Phoenix."
Re:Browsers are just too complex (Score:4, Insightful)
I just want a phone. To make and receive calls. I don't even text.
I know, I know, I'm old.
Old exploit (Score:5, Informative)
Re: (Score:2, Insightful)
Re: (Score:3, Funny)
KFG
Re:Old exploit (Score:5, Interesting)
To me, at least, that's kind of the point. I mean, this is an old old IE6 bug, that M$ has known about for a certainly reasonable amount of time. Yet, they still haven't fixed it. And not to say it's a big deal that they haven't fixed it in IE6 yet. It's not like it's a Critical Priority bug (no pirates can steal Windows or MP3s because of it). But the point is, they did their whole "We heard you" campaign, and claimed IE7 was going to be this great new secure landscape... and they didn't even clean up the old IE6 bugs they KNEW about? I mean, seriously, at this point are we supposed to believe that they're even trying?
Re: (Score:2)
But I thought IE7 was a brand new browser that didn't use any of the buggy old IE6 code.
Score:5, yet more damage control)
Re:Memory leaks (Score:3, Informative)
Re:Old exploit (Score:5, Insightful)
Using Vista RC1 (Score:5, Interesting)
Vista RC1 was released almost a month ago.
So I am surprised this new XP IE7 build still exhibits this issue.
Looking at the source, I suspect this is not an IE issue at all, instead this is an MSXML issue.
Vista has a newer version of MSXML.
XP IE7 seems to be using the older version.
Misunderstanding (Score:5, Funny)
Re: (Score:3, Funny)
Let's be fair (Score:5, Informative)
Re: (Score:2)
It can't be hard to figure that these things are going to get jumped on. Why not fix it and save the bad press?
Re:Let's be fair (Score:5, Insightful)
Re: (Score:3, Insightful)
Re:Let's be fair (Score:4, Informative)
Not much of a surprise (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2)
News? (Score:3, Funny)
Vista RC2 (Score:2, Interesting)
Re: (Score:2)
Active Scripting (Score:2, Insightful)
Come on (Score:3, Informative)
Re: (Score:2)
You might want to retake an IQ test before you start calling names on
Re: (Score:2)
Re: (Score:2)
Re:Come on (Score:5, Informative)
Yawn. (Score:5, Funny)
Oh, an IE vulnerability? That's cool man.
Hey, anyone want to get some lunch?
IE7 maybe not vulnerable? (Score:5, Informative)
Not an MS fan, but truth and accuracy are always good.
Re:IE7 maybe not vulnerable? (Score:4, Informative)
http://secunia.com/advisories/22477/ [secunia.com]
"Suprise, Suprise, Suprise" -- Gomer Pyle. (Score:2, Interesting)
"Insanity is defined as repeating the same behavior and expecting a different result."
Microsoft have been patching security for years. They now claim, "Security is job one." Do you believe it? Why would you? I would not trust IE unless it is rewritten from scratch. There are only so many patches you can do.
I worked on CALANdar back in the 90s. The program started its life as a quick and dirty in/out notifier. Over the years, it turned int
FYP (Score:3, Insightful)
Re: (Score:2)
Even then I wouldn't trust it. MS's record at new code isn't any better.
Besides which, the Mozilla tree was originally a complete rewrite of
Netscape and that hasn't been exactly bug free. I think the real issue
is simply browsers having everything including the kitchen sink thrown
into them. They need to be streamlined, take out some of the eye candy
and functionality hardly anyone uses and you're off to a better start.
Re: (Score:3, Insightful)
Not poor programmers? (Score:3, Insightful)
This page produces a rendering bug for me (Score:2)
Disingenuous (Score:2)
They claim they want to see secure MS software, but work against the industry practice of making software more secure and bug proof by withholding flaws they find.
Re: (Score:2)
http://secunia.com/advisories/19738/ [secunia.com]
IE7 is actually pretty good (Score:2)
As the saying goes... (Score:2)
Keep chatting it up, people. This is exactly what red-o-mundo' wants - how's it feel to be sooooo used, eh?
There will always be issues (Score:4, Insightful)
I mind much less IE's security than IE's compliance to W3 standards. Now THAT is annoying: having constantly to create two versions of your code, one for the compliant browsers and then one for IE.
For some reason, the suits at MS think that because lots of people use their software they have a moral obligation to tell people what the standards should be. OK... I know IE7 is not as bad... but it's still bad
Doesn't work on Vista (Score:3, Informative)
So much for "more secure"? (Score:5, Funny)
It's not true (Score:3, Insightful)
Re: (Score:3, Informative)
Trying 213.150.41.226...
Connected to secunia.com.
Escape character is '^]'.
GET
Host: www.secunia.com
Connection: close
HTTP/1.1 302 Found
Date: Thu, 19 Oct 2006 19:30:39 GMT
Server: Apache
location: http://secunia.com/ie_redir_test_1 [secunia.com]
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
0
They're sending an HTTP redirect, and the browser's following it. It will then send the cookies fo
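The comment above describes a server answering with a 302 that the browser then follows. As an added illustration (not from the thread, Secunia, or any browser's code), the block below contrasts a same-origin check that looks only at the URL a script asked for with one that checks every hop of the redirect chain; all function names and the site-a/site-b URLs are constructed.

```javascript
// Added example: names and URLs below are constructed for illustration.
const REDIRECT_CODES = [301, 302, 303, 307, 308];

// Origin as scheme://host[:port]; null for schemes with no usable origin
// (the WHATWG URL parser reports those as the string "null").
function originOf(urlString) {
  const origin = new URL(urlString).origin;
  return origin === 'null' ? null : origin;
}

// Rebuild the list of URLs a client visits when it follows Location headers.
function redirectChain(startUrl, responses) {
  const chain = [startUrl];
  let current = startUrl;
  for (const r of responses) {
    if (!REDIRECT_CODES.includes(r.status) || !r.location) break;
    current = new URL(r.location, current).href; // Location may be relative
    chain.push(current);
  }
  return chain;
}

// Flawed check: compares only the URL the script originally requested.
function naiveAllows(pageUrl, chain) {
  return originOf(chain[0]) === originOf(pageUrl);
}

// Stricter check: every hop, including the final one, must share the page's origin.
function strictCheck(pageUrl, chain) {
  const pageOrigin = originOf(pageUrl);
  for (let i = 0; i < chain.length; i++) {
    const hopOrigin = originOf(chain[i]);
    if (pageOrigin === null || hopOrigin !== pageOrigin) {
      return { allowed: false, blockedAt: i, url: chain[i] };
    }
  }
  return { allowed: true, blockedAt: -1, url: chain[chain.length - 1] };
}

// Constructed sample: a same-site request answered with a cross-site 302.
const page = 'http://site-a.example/page.html';
const crossSite = redirectChain('http://site-a.example/fetch', [
  { status: 302, location: 'http://site-b.example/private' },
]);
console.log(naiveAllows(page, crossSite), strictCheck(page, crossSite));
```

The naive check passes the cross-site chain because its first URL is same-origin; the strict check stops at hop 1, where the redirect leaves the page's origin.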
Re:Firefox (Score:5, Funny)
Re: (Score:2)
What was wrong with printed media?
I don't see what this "web technology" can do that a newspaper can't.
Re:Firefox (Score:4, Funny)
Video pr0n.
Re:Firefox (Score:5, Interesting)
This is a new report of an old vulnerability which isn't serious. The fact that it's been released "not 24 hours" after IE 7 was released is, I would think, because someone decided to release it to coincide with the launch.
Re: (Score:2, Interesting)
Re: (Score:2)
Could you give us a pointer to the Firefox bug and what stuff does it break?
"This is a new report of an old vulnerability which isn't serious"
Could you give us a pointer to the original report?
Score: 5, Damage control
Re: (Score:2)
How is it not serious? Just because Cross-Site Request Forgery [wikipedia.org] (XSRF) isn't used as wildly as other XSS yet doesn't mean it's not as severe.
BTW: I tested the test script on secunia.com with IE7 Beta 2 and it said my browser is not affected by this vulnerability. Yet, JavaScript is enabled.
It would be great if cross-site XML HTTP requests would be forbidden completely in JavaScript. It wouldn't solve XSS completely, but at least some adva
Re: (Score:2)
Lynx vs. links. Security? Standards? Usability? (Score:2, Funny)
Re:Lynx vs. links. Security? Standards? Usability? (Score:5, Funny)
Links? Lynx? You're all wimps.
I posted this by hand using "telnet slashdot.org 80".
Re:Lynx vs. links. Security? Standards? Usability? (Score:5, Funny)
Re: (Score:2)
'course, Slashdot is awful in Lynx. All the stuff in the sidebars goes to the top of the page.
And the comment entry is sucky too...
Re: (Score:3, Funny)
Re: (Score:2, Insightful)
Re: (Score:2, Insightful)
Re: (Score:3, Insightful)
He has made 291 comments in the past. He has a number of fans and a number of freaks. He has made comments that some people like and some people don't like, and no matter what he stands for it, by using his account. You're a coward because you make trollish comments and don't have the balls to stand for what you say. You're worried that some people might use your comments against you in a future discussion, or you're worried that this might harm your karma.
The difference? He's a man that's not afraid to st
Re:Firefox (Score:4, Informative)
Excuse, but where did you read that FF has that exact same vulnerability?
Also, even though FF does have issues, I believe you'll be hard pressed to find a vulnerability in FF that has been known for years and still gone unfixed. (According to heise on http://www.heise-security.co.uk/news/79745 [heise-security.co.uk] this is actually an old bug that also affects IE 6)
Re: (Score:2)
Re: (Score:3, Funny)
Ah, those were the days... rational discourse, on topic discussions, no spelling errors...Why, I remember one time, I said that I thought that Gentoo could be a little easier to install, and nobody modded me down. Dammit, I promised myself I wasn't going to cry!
Re: (Score:2)
Re: (Score:2)
What's sad is you'd think by now, after several exploits in FF have been uncovered, even FireFox fan boys would realize "oh, yeah, writing a browser's really f'n hard".
Re:This is news??? (Score:4, Informative)
It's already been done [slashdot.org] and found to be a hoax [slashdot.org].
Anything else you want to complain about?
Re:This is news??? (Score:4, Insightful)
Re: (Score:2)
Re: (Score:2)
I thought IE7 and Vista were going to eliminate such 'issues'. It does work the same under Vista?
"Problem is there are security issues in so much these days that it's really just about what has been found so far."
What a waste it is to lose ones mind. Or not to have a mind is being very wasteful. How true that is. T. Danford Quayle.
Score: 5, brain damage
Re: (Score:2)