Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×

386 comments

two words (5, Funny)

doti (966971) | more than 7 years ago | (#16501617)

ha ha

Re:two words (5, Funny)

parodyca (890419) | more than 7 years ago | (#16501679)

but that was only one word..... twice

Re:two words (2, Informative)

Anonymous Coward | more than 7 years ago | (#16501889)

you can't think of all that details when rushing for a first post

Re:two words (5, Funny)

AKAImBatman (238306) | more than 7 years ago | (#16501877)

One word: Brillant!

Re:two words (1, Troll)

Warg! The Orcs!! (957405) | more than 7 years ago | (#16501957)



Brillant?

Re:two words (1)

GuidoW (844172) | more than 7 years ago | (#16502091)

A reference to "The brillant Paula Bean". See http://thedailywtf.com./ [thedailywtf.com.]

>

Sorry, I'm too lazy to search for the actual article in which she was featured right now.

Re:two words (1)

GuidoW (844172) | more than 7 years ago | (#16502123)

Er, sorry, the period at the end of the sentence was obviously not supposed to be part of the URL. Corrected version:
http://thedailywtf.com/ [thedailywtf.com]

Re:two words (5, Funny)

knightmad (931578) | more than 7 years ago | (#16501939)

If you are going to do, at least do it right:

ha ha [imageshack.us]

Re:two words (3, Funny)

tsjaikdus (940791) | more than 7 years ago | (#16502067)

What a relief they've found the bug. OK, now it's save to use.

Firefox (-1, Troll)

QBasicer (781745) | more than 7 years ago | (#16501633)

Just one more reason to stick to Firefox. Better yet, everybody switch to lynx.

Re:Firefox (4, Funny)

bagboy (630125) | more than 7 years ago | (#16501659)

What was wrong with gopher???

Re:Firefox (1)

QBasicer (781745) | more than 7 years ago | (#16501839)

On second thought, why not just use telnet? Surely that'll be safe from everything...right?

Re:Firefox (1)

Reverend528 (585549) | more than 7 years ago | (#16502101)

What was wrong with printed media?

I don't see what this "web technology" can do that a newspaper can't.

Re:Firefox (0, Flamebait)

HardSide (746961) | more than 7 years ago | (#16501683)

Do Firefox fan boys get a nickel everytime they defend firefox? Honestly, this browser fan boy war needs to end, this isn't digg.com, we are more civilized. Besides, if firefox had as many users as internet explorer, im sure their would be vulnerabilities popping up from left to right for FF.

Re:Firefox (2, Insightful)

QBasicer (781745) | more than 7 years ago | (#16501799)

We get a quarter, actually. Obviously people are going to defend what they like. I like Firefox, although I never used to. I used to hate Mozilla, Netscape and family. I used Opera for a while, but I just don't like IE. I'm sure the day is soon coming when FireFox will have exploit after exploit.

Re:Firefox (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#16501943)

Soon coming? This exploit already exists in FF. Just another bunch of anti-MS FUD. If people on slashdot were honest they'd have noted this in the blurb... Oh, that's right, honesty and slashdot don't mix anymore.

And if slashdotters were honest they'd use opera in the first place if non-buggy, low exploit-ability is what they're looking for.

Re:Firefox (2, Insightful)

diersing (679767) | more than 7 years ago | (#16502033)

And if you were honest you wouldn't be hiding behind the AC label.

Re:Firefox (-1, Troll)

Anonymous Coward | more than 7 years ago | (#16502215)

Says a guy behind an account that doesn't disclose a name, location, profession or even an email address that could be used to identify a service provider.

Oh, but because you took some time to sign up for a free account on a site that allows you to have as many accounts as you want and takes no steps to validate any information, save the email address which can be from a free service, you're more "honest" than that AC or me?

Uh huh. Whatever you say anonymous coward.

Re:Firefox (1)

tsa (15680) | more than 7 years ago | (#16501929)

But aren't these vulnerabilities already popping up? They're fixed much faster though...

Re:Firefox (4, Funny)

bozendoka (739643) | more than 7 years ago | (#16502063)

I agree completely. Heaven knows there weren't any fanboys on Slashdot before Firefox.

Ah, those were the days... rational discourse, on topic discussions, no spelling errors...Why, I remember one time, I said that I thought that Gentoo could be a little easier to install, and nobody modded me down. Dammit, I promised myself I wasn't going to cry!

Re:Firefox (1)

chrismcdirty (677039) | more than 7 years ago | (#16502163)

That must not be your first UID. I don't ever remember a ton of rational discourse, on-topic discussions or error-free spelling.

Re:Firefox (1)

kfg (145172) | more than 7 years ago | (#16501715)

everybody switch to lynx.

The only safety is vigilence [security.nnov.ru]

KFG

Re:Firefox (5, Interesting)

Anonymous Coward | more than 7 years ago | (#16501861)

Actually Firefox has a similar vulnerability, which has been unpatched for months (as a design decision - there is no way to patch it without breaking useful stuff).

This is a new report of a old vulnerability which isn't serious. The fact that it's been released "not 24 hours" after IE 7 was released is, I would think, because someone decided to release it to coincide with the launch.

Re:Firefox (2, Interesting)

towsonu2003 (928663) | more than 7 years ago | (#16501979)

and your reference is? (link to the bug report)

Re:Firefox (1)

rs232 (849320) | more than 7 years ago | (#16502119)

"Actually Firefox has a similar vulnerability, which has been unpatched for months (as a design decision - there is no way to patch it without breaking useful stuff)"

Could you give us a pointer to the Firefox bug and what stuff does it break.

"This is a new report of a old vulnerability which isn't serious"

Could you give us a pointer to the original report.

Score: 5, Damage control

Re:Firefox (1)

Ingolfke (515826) | more than 7 years ago | (#16501953)

lynx sucks. I use links [sourceforge.net] .

Lynx vs. links. Security? Standards? Usability? (2, Funny)

abaddononion (1004472) | more than 7 years ago | (#16502143)

Let the CLI-browser flame-wars begin!

Re:Firefox (1)

gormanly (134067) | more than 7 years ago | (#16502121)

switch?

'course, Slashdot is awful in Lynx. All the stuff in the sidebars goes to the top of the page.

And the comment entry is sucky too...

Re:Firefox (2, Funny)

Robber Baron (112304) | more than 7 years ago | (#16502129)

I use lynx to surf pr0n!

This is news??? (-1, Troll)

gasmonso (929871) | more than 7 years ago | (#16501649)

Why does crap like this appear on Slashdot? Next time a bug is found in FF, I'm going to contact the media and scream bloody murder. What a waste.

gasmonso http://religiousfreaks.com/ [religiousfreaks.com]

Re:This is news??? (3, Informative)

smooth wombat (796938) | more than 7 years ago | (#16501705)

Next time a bug is found in FF, I'm going to contact the media and scream bloody murder.


It's already been done [slashdot.org] and found to be a hoax [slashdot.org] .

Anything else you want to complain about?

Re:This is news??? (3, Insightful)

shadowmas (697397) | more than 7 years ago | (#16501807)

the problem isn't so much as not having bugs in FF but the fact that MS is trying to make it look like the new IE is revolutionary and secure than FF.

IE7 Vulnerability Discovered (4, Funny)

Rik Sweeney (471717) | more than 7 years ago | (#16501669)

In a very motherly voice:

Oh Microsoft, what are we going to do with you, eh?

Browsers are just too complex (5, Insightful)

cliffski (65094) | more than 7 years ago | (#16501675)

Thats the root of the problem. I'd wager 90% of the functioanlity for browsers is only used by 5% of end users. Granted a lot of stuff is demanded by web develoeprs who want fancy this, animated that, and sliding and fading the other, but to be honest, most of us dont need any of that junk.
As end users, how much of browser bloat do we really need?
I think there was a slashdot story asking for feature requests for firefox recently. my main request is this please:

less of everything

Its already at the case where im starting to notice how long it takes firefox to start. Sometimes more features does not mean better. Its like anything, cars, mobile phones, TVs, they all have major feature bloat.
I found it actually impossible to buy a new mobile *without* internet access. Its insane. i remember when you didnt have an animated 'startup' screen for your phone, because the damned things just switched on.

Feature bloat -> just say no :D

Re:Browsers are just too complex (5, Funny)

Goaway (82658) | more than 7 years ago | (#16501743)

Here's your porch, here's your chair, and here's your lawn. Now repeat after me, "DAMN KIDS! GET OFFA MY LAWN!"

Re:Browsers are just too complex (2, Interesting)

truthsearch (249536) | more than 7 years ago | (#16501855)

The vulnerability is caused due to an error in the handling of redirections for URLs with the "mhtml:" URI handler. This can be exploited to access documents served from another web site.


The only reference I could find to an mhtml URI through google (which isn't a vulnerability report) is for HTML email. I've generated multi-part MIME email content and never once came across this type of URI. So if someone could elaborate on why this feature even exists it would be helpful.

Re:Browsers are just too complex (4, Interesting)

hey! (33014) | more than 7 years ago | (#16501867)

Thats the root of the problem. I'd wager 90% of the functioanlity for browsers is only used by 5% of end users.

I don't think this is the case, because for the most part users don't choose which broswer features they use; web sites do that for them.

However, I think the web development model is far too complex, which both causes site developers to create security holes in their applications, and creates many places for security holes to exist in the browser itself.

Re:Browsers are just too complex (4, Insightful)

acvh (120205) | more than 7 years ago | (#16501903)

While I agree with your No Bloat argument, you neglected an oft overlooked reason that IE contains all these "features", and it's not web developers. It's application developers. There are a slew of vertical market applications that many small to midsize companies are using, where the developer has dropped, or maybe never had, its own user interface, in favor of using IE and ActiveX controls. Insurance brokerages, medical practices, law firms and more, all of them have large, commercial, expensive applications available to them for running their businesses, and many of them are IE based. IE in these cases is just the front end to data stores running on everything from SQL Server on Intel to AIX on Power to whatever. Many times with no Internet connectivity at all.

MSFT can't just disable, drop or change these features, because doing so could break an enter business. So they just pile up more and more code into an already chaotic program.

Re:Browsers are just too complex (2, Interesting)

aadvancedGIR (959466) | more than 7 years ago | (#16501905)

If only it was only unused stuff, it wouldn't be that bad.
I recently visited the website of a car manufacturer which was full of (I don't want to know which one) cool things to replace the HTML and no kidding (I used my watch), I had between 80 and 200s between the moment I pushed a button and the expected effect (and yes, I was under up-to-date XP/IE6 with a perfectly working 11Mb/s line and it was not at a moment they should be expecting much trafic). The site was of course really nice looking, but it could have been done with just a little JS and Flash.

It gives me the impression that some web developpers just want to steal some money selling useless trendy stuff to their clients and then extort the fix (rollback).

Helllloo? (5, Insightful)

thepotoo (829391) | more than 7 years ago | (#16501981)

Last time I checked, Firefox was open source. You are more than welcome to fork the project and make a "lite" version. I would probably give it a try.

But, don't forget that if you strip away too much, you'll end up with Lynx. Some people like at least images and css, you know?

Re:Browsers are just too complex (5, Insightful)

AKAImBatman (238306) | more than 7 years ago | (#16501993)

Thats the root of the problem. I'd wager 90% of the functioanlity for browsers is only used by 5% of end users.

You would lose that wager. 80%+ of the technology that makes web browsers tick is required just to show you a blasted web page. The standardized APIs allow a good way for JavaScript to then make those pages interactive. Not too many sites are JavaScript-free these days.

What I think you're trying to say, is that features above and beyond the W3C standards are:

1. Not useful
2. Poor attempts at lockin
3. Dangerous

If Microsoft would just stick to the bloody standards, we'd all be better off. Unfortunately, they're still in 1995 mode, trying to beat Netscape at their own propertization game. It wouldn't surprise me if the requests for DOM 2 Events support were STILL ignored in this "final" release of IE7. *grumble* And Microsoft thinks developers will like them because of this?

Re:Browsers are just too complex (1)

Salvance (1014001) | more than 7 years ago | (#16502011)

The problem is that Firefox and other non-IE browsers are just trying to support the W3C standards and what web publishers write for their sites. Someone could certainly create a slimmed down version of Firefox that didn't have any bells or whistles, but would you continue to use it if some sites starting displaying incorrectly?

Firefox is gaining acceptance because it's more secure, generally faster, and provides far better support for the newer W3C standards such as CSS2. If you're looking for a small footprint blazing fast load times, try Cello [archive.org] , which can be downloaded from here [evolt.org] . Sure, it's from 1994, but it'll run on a 386sx and you can fit 4 copies of it on a floppy. =)

Re:Browsers are just too complex (2, Funny)

jazman_777 (44742) | more than 7 years ago | (#16502141)

a slimmed down version of Firefox


We could call it "Phoenix."

Re:Browsers are just too complex (1)

xENoLocO (773565) | more than 7 years ago | (#16502109)

"I found it actually impossible to buy a new mobile *without* internet access."

You can have my piece of crap cingular phone if you want it. I'm paying for a multimedia package I can't even use.

Phone with no internet access available from cingular [motorola.com]

Well, DUH! (0, Redundant)

Footix (972079) | more than 7 years ago | (#16501681)

How many people here are actually surprised by this?

Not Really news (1)

Zarniwoop_Editor (791568) | more than 7 years ago | (#16501685)

It's not really news that there are security issues in IE 7. Problem is there are security issues in so much these days that it's really just about what has been found so far.

Back to the old text based lynx browser for me. Now, Anyone know where I can get a flash plugin for Lynx? ;-)

Why did it take so long to crack IE7? (0)

Anonymous Coward | more than 7 years ago | (#16501689)

eh? why?

Seriously!??! (1)

Rendo (918276) | more than 7 years ago | (#16501693)

Are any of you surprised about this? Reminds me of an elderly person that has a problem with shitting their pants frequently. To prevent ruining their pants, they start to wear some depends. The next day they've shit through their depends and ruined their pants again. Quit your shitting IE.

Old exploit (4, Informative)

Iphtashu Fitz (263795) | more than 7 years ago | (#16501695)

This exploit exists in IE6. It just means MS didn't fix it in IE7. It's not like it's a new exploit that was quickly discovered within the few hours after IE7 was released.

Re:Old exploit (2, Insightful)

otacon (445694) | more than 7 years ago | (#16501801)

That is all the more reason to be concerned about it. If the flaw was known in IE6 then why in the world wouldn't it have been addressed in IE7, I mean they've been working on it for half the decade for crying out loud.

Oh, good (0)

Anonymous Coward | more than 7 years ago | (#16501811)

That makes me feel better! :)

Re:Old exploit (3, Funny)

kfg (145172) | more than 7 years ago | (#16501813)

So, what you're saying is that Bill's dog ate the patch?

KFG

Re:Old exploit (5, Interesting)

abaddononion (1004472) | more than 7 years ago | (#16501887)

This exploit exists in IE6. It just means MS didn't fix it in IE7. It's not like it's a new exploit that was quickly discovered within the few hours after IE7 was released.

To me, at least, that's kind of the point. I mean, this is an old old IE6 bug, that M$ has known about for a certainly reasonable amount of time. Yet, they still haven't fixed it. And not to say it's a big deal that they haven't fixed it in IE6 yet. It's not like it's a Critical Priority bug (no pirates can steal Windows or MP3s because of it). But they point is, they did their whole "We heard you" campaign, and claimed IE7 was going to be this great new secure landscape... and they didn't even clean up the old IE6 bugs they KNEW about? I mean, seriously, at this point are we supposed to believe that they're even trying?

Re:Old exploit (1)

FrankNputer (141316) | more than 7 years ago | (#16502193)

Maybe not, but it seems relevant that the new "safe & secure" browser is still broken in the same manner as the old one.

Re:Old exploit (1)

rs232 (849320) | more than 7 years ago | (#16502247)

"This exploit exists in IE6. It just means MS didn't fix it in IE7. It's not like it's a new exploit that was quickly discovered within the few hours after IE7 was released."

But I thought IE7 was a brand new browser that didn't use and of the buggy old IE6 code.

Score:5, yet more damage control)

Misunderstanding (5, Funny)

MrSquishy (916581) | more than 7 years ago | (#16501699)

Maybe the line should read "You wanted it easier AND more secure?".

Quick response (0)

Anonymous Coward | more than 7 years ago | (#16501703)

Look at the bright side, at least it didn't take them three months to patch the bug, unlike certain Firefox bugs..

someone mind... (0)

Anonymous Coward | more than 7 years ago | (#16501713)

... explaining this in english?

Re:someone mind... (1)

continuouslife (934428) | more than 7 years ago | (#16502023)

Yes - Microsoft sucks and Firefox and open-source are better than everything. I think you can safely remove Slashdot from your bookmarks now.

Who could have guessed? (0, Redundant)

otacon (445694) | more than 7 years ago | (#16501723)

A security vulnerability in a Microsoft Browser? Now way! I don't see why anyone would expect Microsoft to turn into a security powerhouse all of the sudden, considering their long track record of flaws, especially in Internet Explorer.

Let's be fair (5, Informative)

Lars T. (470328) | more than 7 years ago | (#16501729)

The same problem is known on IE 6 since April 2006 [secunia.com]

Re:Let's be fair (0, Redundant)

zenithcoolest (981748) | more than 7 years ago | (#16501767)

yes the problem has not been solved by MS since IE6.

Re:Let's be fair (1)

hachete (473378) | more than 7 years ago | (#16501959)

So the biggest Software Development organisation in the world couldn't fix this big for over a year? For shame ...

It can't be hard to figure that these things are going to get jumped on. Why not fix it and save the bad press?

Re:Let's be fair (1)

crazman724 (1015597) | more than 7 years ago | (#16501987)

how is that being fair? if they have known about it that long from IE6 then there is no reason that there should be that problem still.

Not much of a surprise (2, Insightful)

Salvance (1014001) | more than 7 years ago | (#16501745)

This shouldn't be too much of a suprise ... how many software products are 100% bug free when released, particularly Microsoft's? Anyone who downloads or buys any software within the first few weeks is just asking for it ... and anyone who buys a Microsoft product within the first year is bound to have issues, whether security breaches or just annoying bugs.

Re:Not much of a surprise (1)

truthsearch (249536) | more than 7 years ago | (#16501919)

Scroll up. This bug was discovered at least 5 months ago. IE 7 is not new software. It's an update to the IE 6 code base. This product is far from new. Hence this shared bug.

Re:Not much of a surprise (1)

Xugumad (39311) | more than 7 years ago | (#16502057)

Heaven help those of us who need to test our websites with new browsers (worked perfectly first time, for reference, probably on account of having read, understood and used the HTML, XHTML and CSS standards).

The slogan is right (0)

Anonymous Coward | more than 7 years ago | (#16501749)

Huh? I thought the slogan was fitting. IE7 IS (a lot) more secure than IE6.

"You wanted it easier and more secure."
Yup, we did and that we got.

News? (3, Funny)

Treacharous (994718) | more than 7 years ago | (#16501759)

Doesn't everyone use firefox anyway?

Re:News? (1)

DrDitto (962751) | more than 7 years ago | (#16501989)

I gave up on Firefox after using it for 2 years. Memory leaks, spuratic behavior, crashes, 99% utilization, etc. The original Mozilla 1.7.x series was better but unfortunately that line of development is dead.

Re:News? (1)

Treacharous (994718) | more than 7 years ago | (#16502127)

Switch over to Seamonkey. It's great :)

Re:News? (1)

DrDitto (962751) | more than 7 years ago | (#16502241)

Thanks for the pointer! I didn't know that the old Mozilla lives on.

Re:News? (0)

Anonymous Coward | more than 7 years ago | (#16502021)

No [opera.com]

Obligatory Simpsons Quote: (1)

fernandoh26 (963204) | more than 7 years ago | (#16501761)

<nelson> Ha ha! </nelson>

Vista RC2 (2, Interesting)

jkl6648 (531276) | more than 7 years ago | (#16501777)

I just ran the exploit test using IE7 under Vista RC2, and it came back and said that my browser "does not appear to be vulnerable to this particular exploit", so is this just a IE7 under XP issue?

Re:Vista RC2 (1)

Aqua_boy17 (962670) | more than 7 years ago | (#16501891)

Well, I don't know about 7, but I got the same message running IE6 SP1 on XP saying my machine appeared not to be vulnerable. Of course this is my work machine behind a hardened firewall with all current MS patches. It will be interesting to see if my home machine reports as non-vulnerable as well.

Re:Vista RC2 (1)

HardSide (746961) | more than 7 years ago | (#16501947)

Because this is more of a email program vulnerability then browser vulnerability. If people actually research this, they would realize this is an old problem that existed since IE6 and it deals with opening a link in your email program through internet explorer, but you should know better then to open unknown emails in your inbox, the fact that you do, you deserve to get what you get. This article - False - Misinterpeted. Good job /.

Got the slogan wrong.. (0)

Anonymous Coward | more than 7 years ago | (#16501781)

By easier.. they meant for the hackers.. easier for the hackers..

by more secure.. ANYTHING is more secure than IE6, but now the hackers have secure communications for their exploits..

Active Scripting (2, Insightful)

DoomfrogBW (1010579) | more than 7 years ago | (#16501791)

This has been a problem in Internet Explorer for a while (IE 6 and prior versions). Most people turn off Active Scripting because of the vulnerabilities. You can disable it and have "trusted" sites for those sites which you want to enable active scripting like http://windowsupdate.microsoft.com./ [windowsupd...rosoft.com]

Come on (3, Informative)

critter_hunter (568942) | more than 7 years ago | (#16501803)

It's a "Less critical" vulnerability - not really dangerous at all. Firefox still has equally important unpatched "vulnerabilities" [secunia.com] - some of which [secunia.com] date back to 2004 [secunia.com] . Retards.

Re:Come on (1)

truthsearch (249536) | more than 7 years ago | (#16501983)

Your first link is for a vulnerability which requires the user to do something (type in a file name). The second is a phishing attack.

You might want to retake an IQ test before you start calling names on /.

Re:Come on (1)

k_187 (61692) | more than 7 years ago | (#16502137)

Why? No one else is required to.

We are the Borg (0)

Anonymous Coward | more than 7 years ago | (#16501833)

All your vulnerabilities will be assimilated into our own.

Yawn. (5, Funny)

Honest Olaf (1011253) | more than 7 years ago | (#16501847)

Stretch. Scratch.

Oh, an IE vulnerability? That's cool man.

Hey, anyone want to get some lunch?

someone was sitting on this for a while (0, Troll)

i_dream_in_black_and (1011287) | more than 7 years ago | (#16501871)

This problem was probably discovered back in beta 1, and was not mentioned until the official release. Nice! Way to play ball.

Good timing, Secunia (1)

wumpus188 (657540) | more than 7 years ago | (#16501881)

But every sane person in the world already has Internet zone security level set to High so who is gonna be affected by this?

IE7 maybe not vulnerable? (5, Informative)

jrsp (513795) | more than 7 years ago | (#16501915)

IE7, freshly installed this morning, on XP SP2 reports not vulnerable. Perhaps it was already patched, or the exposure is more limited than the post implies...

Not an MS fan, but truth and accuracy are always good.

Re:IE7 maybe not vulnerable? (3, Informative)

truthsearch (249536) | more than 7 years ago | (#16502087)

Secunia has confirmed the vulnerability on a fully patched system with Internet Explorer 7.0 and Microsoft Windows XP SP2. Other versions may also be affected.

http://secunia.com/advisories/22477/ [secunia.com]

"Suprise, Suprise, Suprise" -- Gomer Pyle. (1, Interesting)

www.sorehands.com (142825) | more than 7 years ago | (#16501931)

"Fool me once, shame on you. Fool me twice, shame on me." -- Scotty.

"Insanity is defined as repeating the same behavior and expecting a different result."

Micorosoft have been patching security for years. They now claim, "Security is job one." Do you believe it? Why would you? I would not trust IE unless it is rewritten from scratch. There is only so many patches you can do.

I worked on CALANdar back in the 90s. The program started its life as a quick and dirty in/out notifier. Over the years, it turned into a groupware scheduling package. Ignoring my protestations regarding security risks, I was required to add OLE to the Windows version. There was comments from the original author that said "I know this case is F**Ked, but Dick wanted it done now, I will fix it later." That code was there 4 years after the original author left. When you add onto an unstable base, you do not make code more stable.

FYP (2, Insightful)

tygerstripes (832644) | more than 7 years ago | (#16502003)

I would not trust IE unless it is rewritten from scratch.
...by someone else.

Re:"Suprise, Suprise, Suprise" -- Gomer Pyle. (1)

Viol8 (599362) | more than 7 years ago | (#16502017)

" would not trust IE unless it is rewritten from scratch."

Even then I wouldn't trust it. MS's record at new code isn't any better.
Besides which, the Mozilla tree was originally a complete rewrite of
Netscape and that hasn't been exactly bug free. I think the real issue
is simply browsers having everything including the kitchen sink thrown
into them. They need to be streamlined , take out some of the eye candy
and functionality hardly anyone uses and you're off to a better start.

This page produces a rendering bug for me (1)

patio11 (857072) | more than 7 years ago | (#16501971)

*sigh* And I sincerely wanted to move to IE7 from Firefox just to be contrarian.

Opera doesn't want to feel left out (1)

helmutvs (912204) | more than 7 years ago | (#16502027)

This vulnerability is not very significant. What I found more amusing was that on the same secunia page there's a list of the most popular advisories and Opera appears just under IE. The Opera vulnerability [secunia.com] involves a mistake that any student learns to avoid in his or her first programming class. Furthermore, the Opera buffer overflow is rated as "highly critical" and affects both Windows and Linux versions, whereas MSIE 7's is only "less critical." The Opera bug is truly an amateur's mistake.

AJAX? (0)

Anonymous Coward | more than 7 years ago | (#16502083)

This bug is exposed through using AJAX. They are making an HTTPRequest to a page to pull off its contents, isn't this fundamental to web 2.0 and AJAX? To disallow HTTPRequests to webservers other your own makes seems to make developing mashups a little more difficult. For instance what about using javascript to read an RSS feed on your page? You could accomplish this in PHP but maybe you want your page to automatically update the RSS feed on your page without actually refreshing your page. Just throwing that out there for thought. I am aware there are plenty of "secure" workarounds if this support was turned off in IE. Too bad we have people who ruin things for everyone.

Disingenuous (1)

CDPatten (907182) | more than 7 years ago | (#16502093)

kind of a double edged sword. Its just so intellectually dishonest. Obviously they had found the hole before the release and were just waiting to try to embarrass MS.

They claim they want to see secure MS software, but work against the industry practice of making software more secure and bug proof by withholding flaws they find.

Re:Disingenuous (1)

truthsearch (249536) | more than 7 years ago | (#16502149)

I'm not sure if you're serious or not, but this bug was announced months ago in IE 6:
The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions may also be affected.

http://secunia.com/advisories/19738/ [secunia.com]

IE7 is actually pretty good (1)

Bullfish (858648) | more than 7 years ago | (#16502147)

I have used ff for a few years now, and have been a fan. I presently run ff 2 RC3. I overall like ff, but I find besides the memory feature, that it is just slow and balky compared to IE (and I have tweaked the ff settings for speed). I really want to like ff more, but until it becomes a smoother experience, I will likely do most of my browing with IE7. As for being more secure, I just assume no matter what that any machine connected to the net is not secure and act accordingly.

As the saying goes... (1)

djupedal (584558) | more than 7 years ago | (#16502205)

Any publicity is good...good publicity is even better.

Keep chatting it up, people. This is exactly what red-o-mundo' wants - how's it feel to be sooooo used, eh? :)

Hacker and Security Issues (0)

Anonymous Coward | more than 7 years ago | (#16502229)

As long as hackers exists, we will continue to see articles like this. Mozilla and Microsoft are not alone (http://www.oreillynet.com/windows/blog/2005/02/ba d_news_about_firefox_securit.html). I am neither pro IE nor pro FireFox. I like both products. Go to the site reporting this issue, secunia.com. You will see several non-browser software as well with security problems. This is an industy problem. Just happens to be Microsofts turn this time. Sorry Bill...

I wonder when they knew about the vulnerability? (1)

notaprguy (906128) | more than 7 years ago | (#16502235)

If they knew about it before the release of IE 7 then they're low-lifes.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...