A security researcher has credited McAfee for helping him to develop exploit code that cracks open an unpatched flaw in older versions of Internet Explorer. Moshe Ben Abu (AKA Trancer00t) used the flaw in IE 6 and 7 in knocking-up a module for the open-source Metasploit exploit database. "I didn't find the vuln', just found it …
...but Microsoft operating systems are oh-so-secure!
McAfee = sh!te
That's all I have to say.
accident or test?
hmmm.... wonder if they sell more or less of their security bloatware because of this accidental slip....
"well, we obviously knew about the problem so if you were a customer you'd be protected anyway..."
First post an M$ bash, second and third a McrappyFee bashing. Gone are the days (that never existed) of quality comments.
My vote would be immediate "responsible" disclosure and if a patch isn't released in 2 weeks, go public. Proof-of-concept exploit code is close to rediculous, considering it allows some script kiddie to just dump the exploit into their virii framework with no effort of their own. The problem with propriety systems is there's no incentive to secure their stuff in any reasonable timeframe because where else are you going to go? Don't like the M$ failship? Unlikely your corp is going to jump ship to *nix and still get vendor support for your Win32 software running under Wine. Apple is right-out due to no sensible [note use of word] companies developing business apps for that platform.
M$ clearly has the application advantage, even if their OS is riddled with holes worse than a discarded water heater in the backwoods of Alabama... It is no different than the iPhone and App Store. People still buy the outdated hardware to get at the software, even though the likes of the Nexus One are on the market. No apps? No use.
Figure my allegence with that one. /coat
Four Enter whiny commentard lamenting the absence of quality commenting that never existed.
Hello, you must be new the internet.
Porn is over there --->
<--- Here be the flamewars and dickwaving