Anti MS brigade on full alert.

Wow, I love this story,

2 sources close to El Reg, read 2 barmen in Mr Goodins local boozer.

An MS flaw reported on by a GOOGLE spokesman.

All in the space of a weeks worth of multiple new GOOGLE releases.

A flaw that needs to be manipulated to work, and apparently on very few sites. So the bug isn't a natural disaster, but malign coders can exploit it. Come to that, I can edit the registry to make my IE icon appear or disappear on my desktop, does that make me a hacker, or is it a fatal bug in Windows?

Perhaps Mr Goodin would care to comment on how many hacked sites are hacked by Firefox, or their GOOGLE backers.

What is the going rate for backhanders from GOOGLE'S marketing department these days, does it match up to Mozilla's, or is it just another nice little sideline.

@joel stobart

Yeah right, get a fucking grip.

IE is THE only browser used for hacking

AND google isn't the search engine known in circles as the hacker friend.

Suggest you pull your head out of your ass before asphyxiation sets in.

xss

"A flaw that needs to be manipulated to work, and apparently on very few sites."

Security flaws (almost) always have to be maniuplated to make them work. And I don't know why you think it'll work on very few sites; any site that uses scripting is presumably vulnerable. XSS can be a serious problem.

" So the bug isn't a natural disaster, but malign coders can exploit it."

Yeah, can and will, given the past track record with security exploits.

"Come to that, I can edit the registry to make my IE icon appear or disappear on my desktop, does that make me a hacker, or is it a fatal bug in Windows?"

It does make you one and indicates a bug in Windows, if you figure out how to do it just by someone visting a page, or without any user interaction whatsoever.

Sounds pretty standard

I guess it goes something like this: They check for one kind of exploit (and fix it if need be), then check for a second kind of exploit (and fix it if need be), but don't check again to make sure the first exploit wasn't introduced by fixing the second. We can only speculate about how that could happen without knowing the specifics, but it's not at all hard to imagine that it could, especially given that one of the checks apparently involves changing character encoding.

@Henry Wertz

Yep, exactly the thought process I see that has fucked everything up.

So the flaw isn't the problem, the malicious coding is, in exactly the same way as you later describe me as a hacker.

The full truth is staring you in the face every morning when you shave, if you yet do, there is the real problem, you and people like you.

IE isn't the problem now is it.

Standards compliant

Microsoft just don't get it.

An architect who doesn't give a crap about the laws of physics is going to build a crappy building.

A software house that doesn't give a crap about standards is going to build a crappy web browser.