zdnet.com.au— Microsoft has denied that a 'trick', which could allow an executable file to be launched when a user types a Web address into Internet Explorer, is a security vulnerability.
Jul 5, 2006
babylonian, Jul 5, 2006
Explorer / IE integration. There are pros and cons, but for the sake of mindlessly bashing Microsoft, let's focus on the cons! Honestly, I have half a mind to submit an article called "The Advantages of browser/OS integration", just to see if it's possible to get a negative amount of Diggs on the article. Bias sucks, but that's the cost of user-regulated content. Whoops, I ended up mentioning that "pros and cons" idea that's confusing so many of you again.
tavisjohn, Jul 5, 2006
A shortcut is a shortcut! It does not matter if it points to a URL or a file. Your FAVORITES are all just a bunch of folders and shortcuts! You can name a shortcut "Calc" and have it go to a web address. It works both ways!
itchybeard, Jul 5, 2006
This isn't a security issue, only the clueless would blame Microsoft for this. The ability to run programs by typing them into the address bar is a feature I used regularly to speed up navigation around the OS before I wised up and got a Mac.

It COULD be exploited by an attacker using social engineering. There are an infinite number of exploits you can use to aid social engineering. Personally I can see how it could be exploited but it isn't Microsoft's fault this time because someone blurted out the obvious strategy for exploiting this into the public domain. Most advanced computer users such as systems administrators will be aware of one or two of these that aren't in the public domain they have discovered themselves (I know a couple for OS X too I've only shared with co-workers!).

Since someone decided to run their mouth and tell the world about it in the name of full disclosure (which is a questionable move here since this isn't a bug, it's just a strategy to manipulate the unaware, such as pretending you're someone else on a telephone call) then Microsoft should disable this useful feature by default with a patch, tell you why it's been disabled (using less inflammatory language than this comment) and also how to turn it back on if you want to. Problem solved.

It's no more a security issue than telephones not having reliable secure video channels with biometric identification is (you could argue it is, but you wouldn't complain AT&T had an exploit in their telephone lines would you)?
itchybeard, Jul 5, 2006
Sorry for double posting, if a million people don't mod down both of them, please mod down the last one.
tomp, Jul 6, 2006
Dr Watson?
reno582, Jul 6, 2006
well to put in Microsoft's words this undocumented feature isn't quite the threat (It is if you run random programs you download off the internet) it certainly is quite useless.
seweso, Jul 6, 2006
Try this: http://www.seweso.com/www.google.com.lnk :D