Major IE8 flaw makes 'safe' sites unsafe

The latest version of Microsoft's Internet Explorer browser contains a bug that can enable serious security attacks against websites that are otherwise safe. The flaw in IE 8 can be exploited to introduce XSS, or cross-site scripting, errors on webpages that are otherwise safe, according to two Register sources, who discussed …

COMMENTS

This topic is closed for new posts.
  1. Carter Cole
    Terminator

    So does someone have details of the bug?

    I'd really like to know more

  2. Neal 5

    Anti MS brigade on full alert.

    Wow, I love this story,

    2 sources close to El Reg, read 2 barmen in Mr Goodin's local boozer.

    An MS flaw reported on by a GOOGLE spokesman.

    All in the space of a week's worth of multiple new GOOGLE releases.

    A flaw that needs to be manipulated to work, and apparently on very few sites. So the bug isn't a natural disaster, but malign coders can exploit it. Come to that, I can edit the registry to make my IE icon appear or disappear on my desktop, does that make me a hacker, or is it a fatal bug in Windows?

    Perhaps Mr Goodin would care to comment on how many hacked sites are hacked by Firefox, or their GOOGLE backers.

    What is the going rate for backhanders from GOOGLE'S marketing department these days, does it match up to Mozilla's, or is it just another nice little sideline.

    1. Nick Stallman
      WTF?

      Aren't you forgetting something?

      Aren't you conveniently forgetting that Microsoft tried to change the behaviour of the web, to 'fix' this, and has instead made it worse?

      Are you disputing that there is a flaw with the XSS protection which causes safe sites to become targets?

  3. Joel Stobart
    Alert

    Tit-for-tat?

    http://www.theregister.co.uk/2009/11/20/google_plug_in_bug/

    It seems that Microsoft and Google are going toe-to-toe over security.

    @neal5

    An[sic] GOOGLE flaw reported on by a MICROSOFT spokesman.

    All in the space of a week's worth of multiple new MICROSOFT releases. Should be fun.

    ... fixed that for you

    What are you talking about? Firefox isn't exactly a cracking tool, unless the crack is the most trivial tool in the world. The rest of your diatribe could be pored over for generations for signs of intelligent life in 2009.

    Joel

  4. Neal 5

    @joel stobart

    Yeah right, get a fucking grip.

    IE is THE only browser used for hacking

    AND google isn't the search engine known in circles as the hacker friend.

    Suggest you pull your head out of your ass before asphyxiation sets in.

  5. Anonymous Coward
    Badgers

    People in green houses

    I do hope the fans of another bloated browser with an increasingly poor track record in security aren't going to start throwing stones at IE over this.

    Five years ago, there'd be hundreds of comments of that nature posted about an article like this. But not today, one hopes.

  6. DEAD4EVER
    FAIL

    IE8 bugs

    See, Microsoft can't get anything right either with browsers or operating systems, heh, and Microsoft wonder why people move to Linux or Apple, haha

  7. Henry Wertz 1 Gold badge

    xss

    "A flaw that needs to be manipulated to work, and apparently on very few sites."

    Security flaws (almost) always have to be manipulated to make them work. And I don't know why you think it'll work on very few sites; any site that uses scripting is presumably vulnerable. XSS can be a serious problem.

    "So the bug isn't a natural disaster, but malign coders can exploit it."

    Yeah, can and will, given the past track record with security exploits.

    "Come to that, I can edit the registry to make my IE icon appear or disappear on my desktop, does that make me a hacker, or is it a fatal bug in Windows?"

    It does make you one and indicates a bug in Windows, if you figure out how to do it just by someone visiting a page, or without any user interaction whatsoever.

  8. Pablo

    Sounds pretty standard

    I guess it goes something like this: They check for one kind of exploit (and fix it if need be), then check for a second kind of exploit (and fix it if need be), but don't check again to make sure the first exploit wasn't introduced by fixing the second. We can only speculate about how that could happen without knowing the specifics, but it's not at all hard to imagine that it could, especially given that one of the checks apparently involves changing character encoding.

  9. Neal 5

    @Henry Wertz

    Yep, exactly the thought process I see that has fucked everything up.

    So the flaw isn't the problem, the malicious coding is, in exactly the same way as you later describe me as a hacker.

    The full truth is staring you in the face every morning when you shave, if you yet do, there is the real problem, you and people like you.

    IE isn't the problem now is it.

  10. Anonymous Coward

    Standards compliant

    Microsoft just don't get it.

    An architect who doesn't give a crap about the laws of physics is going to build a crappy building.

    A software house that doesn't give a crap about standards is going to build a crappy web browser.
