back to article Major IE8 flaw makes 'safe' sites unsafe

The latest version of Microsoft's Internet Explorer browser contains a bug that can enable serious security attacks against websites that are otherwise safe. The flaw in IE 8 can be exploited to introduce XSS, or cross-site scripting, errors on webpages that are otherwise safe, according to two Register sources, who discussed …

COMMENTS

This topic is closed for new posts.
Terminator

so does someone have details of the bug?

id really like to know more

1
0

Anti MS brigade on full alert.

Wow, I love this story,

2 sources close to El Reg, read 2 barmen in Mr Goodins local boozer.

An MS flaw reported on by a GOOGLE spokesman.

All in the space of a weeks worth of multiple new GOOGLE releases.

A flaw that needs to be manipulated to work, and apparently on very few sites. So the bug isn't a natural disaster, but malign coders can exploit it. Come to that, I can edit the registry to make my IE icon appear or disappear on my desktop, does that make me a hacker, or is it a fatal bug in Windows?

Perhaps Mr Goodin would care to comment on how many hacked sites are hacked by Firefox, or their GOOGLE backers.

What is the going rate for backhanders from GOOGLE'S marketing department these days, does it match up to Mozilla's, or is it just another nice little sideline.

0
1
WTF?

Arent you forgetting something?

Arent you conveniently forgetting that Microsoft tried to change the behaviour of the web, to 'fix' this, and has instead made it worse?

Are you disputing that there is a flaw with the XSS protection which causes safe sites to become targets?

0
0
Alert

Tit-for-tat?

http://www.theregister.co.uk/2009/11/20/google_plug_in_bug/

It seems that Microsoft and Google are going toe-to-toe over security.

@neal5

An[sic] GOOGLE flaw reported on by a MICROSOFT spokesman.

All in the space of a weeks worth of multiple new MICROSOFT releases. Should be fun.

... fixed that for you

What are you talking about? Firefox isn't exactly a cracking tool, unless the crack is the most trivial tool in the world. The rest of your diatribe could be poured over for generations for signs of intelligent life in 2009.

Joel

1
0

@joel stobart

Yeah right, get a fucking grip.

IE is THE only browser used for hacking

AND google isn't the search engine known in circles as the hacker friend.

Suggest you pull your head out of your ass before asphyxiation sets in.

0
0
Badgers

People in green houses

I do hope the fans of another bloated browser with an increasingly poor track record in security aren't going to start throwing stones at IE over this.

Five years ago, there'd be hundreds of comments of that nature posted about an article like this. But not today, one hopes.

0
0
FAIL

ie8 bugs

see microsoft cant get anything right either with browsers or operating systems heh and microsoft wonder why people move to linux or apple haha

0
0
Gold badge

xss

"A flaw that needs to be manipulated to work, and apparently on very few sites."

Security flaws (almost) always have to be maniuplated to make them work. And I don't know why you think it'll work on very few sites; any site that uses scripting is presumably vulnerable. XSS can be a serious problem.

" So the bug isn't a natural disaster, but malign coders can exploit it."

Yeah, can and will, given the past track record with security exploits.

"Come to that, I can edit the registry to make my IE icon appear or disappear on my desktop, does that make me a hacker, or is it a fatal bug in Windows?"

It does make you one and indicates a bug in Windows, if you figure out how to do it just by someone visting a page, or without any user interaction whatsoever.

0
0
Silver badge

Sounds pretty standard

I guess it goes something like this: They check for one kind of exploit (and fix it if need be), then check for a second kind of exploit (and fix it if need be), but don't check again to make sure the first exploit wasn't introduced by fixing the second. We can only speculate about how that could happen without knowing the specifics, but it's not at all hard to imagine that it could, especially given that one of the checks apparently involves changing character encoding.

0
0

@Henry Wertz

Yep, exactly the thought process I see that has fucked everything up.

So the flaw isn't the problem, the malicious coding is, in exactly the same way as you later describe me as a hacker.

The full truth is staring you in the face every morning when you shave, if you yet do, there is the real problem, you and people like you.

IE isn't the problem now is it.

0
1
Anonymous Coward

Standards compliant

Microsoft just don't get it.

An architect who doesn't give a crap about the laws of physics is going to build a crappy building.

A software house that doesn't give a crap about standards is going to build a crappy web browser.

0
0
This topic is closed for new posts.

Forums