79 Comments
- jammyfred, on 07/09/2009, -3/+31
By this point anyone still using IE pretty much deserves it.
Firefox/Opera/Camino/Safari/Chrome FTW
- omnomfurbey, on 07/08/2009, -8/+27
This isn't overly surprising, many large companies sit on patches until a convenient time in the update cycle.
- MeatyVitamin, on 07/09/2009, -4/+21
Anybody that still uses IE probably doesn't know how to use a firewall or antivirus software anyway...
What's one more security risk =P
- LilRabbitFooFoo, on 07/09/2009, -3/+18
Um, you do realize that by having the word "MAY" in the title and article, you've made it clear this is an utter and complete waste of time to read, right?
Come back when you have some confirmed NEWS...
- paradigmx, on 07/09/2009, -7/+18
If you ran a software company, and you found a major vulnerability in your software that nobody else knew about, would you tell everyone about it before you had a patch for the problem?
If you did, imo, you would be an idiot
- EverybodyPanic, on 07/09/2009, -5/+15
Microsoft may have been the principal architect of the Auschwitz crematorium, and responsible for climate change.
- Chrysalii, on 07/09/2009, -2/+11
blah,
With Microsoft's main focus on Windows 7 and Office 2010 as well as Vista updates it's not surprising that a flaw for outdated software sat on the back burner (hint, Vista and IE8 are immune to it). In other words the best patch is upgrading.
Also why would they talk about a vulnerability before they have a fix?
- Dauntless1, on 07/09/2009, -0/+8
We just cheat. With our tech department, unless the user absolutely has to have IE (some government websites require it) we just post IE's icon over Firefox.
- inactive, on 07/09/2009, -3/+10
Why are you digging him down, he's right. Take Microsoft's 'Patch Tuesday', for example. There are very good reasons for it, too, in terms of debugging and maintaining a constant time between system downtime (with a set date for patch release, it is much less difficult to organize an update roll-out, particularly due to the required system reboots this entails). It's becoming less useful as time goes on, though, since companies can manage their own patch release schedule with WSUS now. One should also consider that there is probably a large backlog of security flaws that need fixing by a limited number of developers.
Open-source projects don't have this problem because they not only tend to follow a 'release early, release often' paradigm but are also capable of being patched by third parties, if someone identifies a security flaw that same person can patch it and have their code included within days (or hours) of that flaw first emerging. There are disadvantages to the aforementioned paradigm, one example is the Debian OpenSSL scandal, but for the most part buggy patches are filtered out by peer review and transparent distribution pipelines.
- Jeepy, on 07/09/2009, -5/+12
Microsoft knows about IE bug for months before they fix it they are so evil. Apple knows about factory defect cracks in macbook cases no big deal they fix it for free anyway.
http://brianford.newsvine.com/_news/2008/03/27/139 ...
http://discussions.apple.com/thread.jspa?threadID= ...
For the record I use Firefox and think IE is a giant turd but the double standard (on digg anyway) is retarded.
- datdamonfoo, on 07/09/2009, -0/+7
And therefore irrelevant.
- inactive, on 07/09/2009, -6/+12
Use IE and you fully deserve to have your identity stolen. The warnings have been circulating for years.
It's no longer just the techie geeks that know IE sucks balls.
Microsoft is slipping away into insignificance anyway. Their old slow moving monolithic ways are killing them.
- MacParrot, on 07/09/2009, -3/+9
And Apple knew about the vulnerabilities in OS X for at least 100 years...
Seriously decades?
- martalli, on 07/09/2009, -1/+7
There have been a lot of Patch Tuesdays since early 2008.
- inactive, on 07/09/2009, -0/+5
Actually, if I recall correctly, they *can* bundle the browser with the OS, just as a separate component such that the user can opt *not* to install it. Otherwise, it would seem pretty retarded.
- CheesyPeteza, on 07/09/2009, -3/+8
Although I agree there is nothing wrong with waiting for Patch Tuesday before applying the update, the problem is they should have fixed it a year ago and rolled it into their normal patch routine.
I understand they like to test the patches thoroughly, but come on 18 months? It's obvious they just ignored it.
- rmxz, on 07/09/2009, -3/+8
If you want to act responsibly to your customers, you had better do so.
That way they can set up their own protective technologies (firewall) or policies (stop using that software until a patch is available) while you develop the patch.
It's like if a drug company said "hmm, we don't know why our drug is making people sick, so we'll keep it quiet until we figure out how to fix it".
- topapito, on 07/09/2009, -0/+5
Shhhh! DO YOU WANT EVERYONE TO FIND OUT?????!!!!!!
- vision777, on 07/09/2009, -0/+4
Another stupid article it says may have known. That means they also may not have known. Way to create another great article.
- ruskicommi, on 07/09/2009, -0/+4
Let's all bitch and moan
- jman583, on 07/09/2009, -1/+5
Safari isn't so great, I have fifty e-mails in my inbox that can do the same thing.
- jordanmoore, on 07/09/2009, -1/+5
Please for the sake of web standards at least force an update to IE8 on all Windows machines.
- Myztry, on 07/09/2009, -2/+6
Only idiots place all their eggs in the one basket. It's fundamental risk management. Unfortunately there's a bloody lot of idiots, and we end up with outcomes like Conficker and undoubtedly soon Conficker2.
Most concerning is that Governments and the Military misplace their trust in Microsoft. Which brings another fundamental. With defence, you always expose the smallest possible surface area. IE is not that.
- Dauntless1, on 07/09/2009, -1/+5
He was being sarcastic, and pointing out that there's a large double standard on digg when it comes to Microsoft. It goes something like this: Microsoft releases an update, and suddenly they should all die in a fire because the OS they released wasn't 100 percent perfect from the moment it hit the market and *gasp* somebody hacked it. Apple, or Steve Jobs in particular, could be on CNN eating babies and burning hospitals down and all anybody will hear is "oooh, iPhone price is coming down next week. Apple is the best company ever!"
- MacParrot, on 07/09/2009, -1/+5
I think if another company made an OS called Windows they might have some legal problems.
- koinek, on 07/09/2009, -1/+4
What are they supposed to do? Let every hacker in the world know there is a serious vulnerability they can exploit? They're going to keep it under wraps until they find a fix or until it becomes common knowledge.
- inactive, on 07/09/2009, -1/+4
@Dauntless1
Now there's a clever way to save hundreds of man-hours :D
- inactive, on 07/09/2009, -1/+4
...and it's not just techies that use other (better) browsers! I know I'm preaching to the choir here, but I wish less people associated the IE icon with the Internets...
- keysersozejr, on 07/09/2009, -8/+11
Hey it's a Microsoft story, let's all pile on!
Safari cures cancer and erectile dysfunction.
- SamOut, on 07/09/2009, -0/+3
I "may have known" this article would be submitted to digg 18 months before...
- Chrysalii, on 07/09/2009, -0/+3
OR
It's outdated software and they had more important things on mind.
- gamepr0, on 07/09/2009, -0/+3
Mac, windows and linux users unite and bury him!
- aphexcoil, on 07/12/2009, -1/+3
When is IE going to ***** or get off the pot and become totally CSS compliant? Where is the CSS Outline attribute? What about the dozens of others that have bugs?
This is why people are moving to Firefox, Safari and Chrome. It is almost as if the IE department just doesn't give a ***** anymore.
- JohnnySoftware, on 07/10/2009, -0/+2
With respect to how long Microsoft has known about the defect - RTFA, people!
a) the member of the discovering duo said they discovered the bug in or prior to January of this year - over half a year ago
b) he works for a security company so of course they are going to disclose the information to Microsoft in some form right away
c) an article published 2 days after this July 7 article says Microsoft admitted they knew about the bug in early 2008
Here is the link to that article:
http://www.computerworld.com/s/article/9135370/Mic ...
- inactive, on 07/09/2009, -1/+3
They've known about this for as long as Microsoft has been in business. They know they suck.
- Dauntless1, on 07/09/2009, -4/+6
Most problems are between the keyboard and the chair. Just sayin.
- JohnnySoftware, on 07/12/2009, -0/+2
No, Linux never made the web browser "part of the operating system". In fact, different distros of Linux feature different web browsers.
Likewise, Apple never made a web browser "part of the operating system" that could never be removed. Mosaic (precursor of IE) ran on the Macintosh before it ran on MS-Windows. When Mac OS X came out, it came with IE. In 2003, Apple released Safari and it came with the subsequent versions of the operating system. Microsoft pulled IE for Macintosh one week after Apple announced Safari.
It is a good thing Apple does not tie operating systems to browsers and vice-versa. Though IE only runs on MS-Windows, Safari runs on Mac OS X and MS-Windows. Microsoft's reason for pulling IE from the Macintosh was that they "couldn't compete with Apple".
Obviously, Apple has no problem competing with IE on Microsoft's own operating system platform. You can take this to mean that Apple is more successful than Microsoft at competing with their web browser on a different OS platform or that Microsoft was not being fully honest.
So as far as the subject of web browsers goes - other operating systems are not monolithic with respect to web browsers. According to Microsoft's sworn testimony in a court of law, IE is a monolithic part of MS-Windows.
The next version of MS-Windows, Microsoft recently claimed to the EU, will not include IE and users will have to install it as a separate download. However, until that happens or the torrent of successful exploits is drastically reduced, the comment "monolithic ways are killing them" is a fair statement.
Bringing up the subject of the Linux kernel in a thread discussing IE's known problems and the impact they have is totally off topic. Attacks on Linux users are completely spurious rhetoric and even more wildly off topic.
- unluckier, on 07/09/2009, -1/+3
What's odd about this case is that Microsoft themselves states:
"Our investigation has shown that there are no by-design uses for this ActiveX Control in Internet Explorer which includes all of the Class Identifiers within the msvidctl.dll that hosts this ActiveX Control."
They could have easily set kill bits for these controls during any of the patch Tuesdays that have passed. No new code to test... just prevents the controls from being used in IE.
- inactive, on 07/09/2009, -1/+3
I'm not calling anyone stupid for not knowing something; I'm calling the people that claim they know better stupid since, more often than not, they simply don't.
I don't know how to fly a plane. Surely a pilot wouldn't call me an idiot for that. But I bet that pilot would ridicule the guy criticizing his flights when said antagonist has not a clue what he's speaking on.
- DaveVII, on 07/09/2009, -6/+8
There are security flaws in all of those browsers too...but because they don't have the majority market share the way IE does it's not worth hackers' time finding them.
- Plonkely, on 07/09/2009, -0/+2
Netdroid, in the EU Microsoft have to ship a version of Windows 7 without IE8. In fact, not just a version - they're not shipping a version of Windows 7 with IE to Europe. OEMs can still install it, but if you were to install it on an existing machine, you'd get Windows 7 sans IE8.
- gamepr0, on 07/09/2009, -0/+2
No but the fix should have been there after 18 months if it's a major vulnerability.
- Viper244, on 07/09/2009, -1/+3
You mean just like the Java vulnerability in Mac OSX that Apple ignored for months until someone released an exploit? This was not made popular by the Digg community, but if it's Microsoft and they MAY have known about it, then it's a big deal.
http://www.informationweek.com/news/hardware/mac/s ...
- AraleNorimaki, on 07/09/2009, -1/+3
No. No. That's not true. That's impossible!
- JohnnySoftware, on 07/12/2009, -0/+2
I think we are all fed up with these web browser bugs at this point - especially the ones with security implications or user data-loss hazards.
If companies would disclose how many security, data loss, and rendering bugs they had - along with whether it worked in the latest version of its two largest competitors' products, I think we would all be a lot better able to see the light at the end of the tunnel. Or at least figure out how far off it was. Or failing that, determine that we were in the wrong tunnel.
- JohnnySoftware, on 07/10/2009, -0/+2
Don't digg this guy down blindly.
First of all he is right that anti-virus software is one more piece collection of sometimes flawed code for virus programs to get their hooks into. Second of all, he is right that Windows policies can help reduce risks and that this source of assistance is often overlooked.
- moothemagiccow, on 07/09/2009, -0/+2
geez, big deal. force your users to upgrade IE. I'm not tired of coding for IE6, but I'm tired of the UI limitations
- JohnnySoftware, on 07/12/2009, -0/+1
Supposedly, Vista and subsequent versions of the Microsoft operating system are not vulnerable to this exploit due to design changes that mitigate the consequences of the mistake. Even though it is still present, it does not cause the same harm as on Windows XP.
- Jeepy, on 07/09/2009, -0/+1
here >>>>>>Sarcasm<<<<<<<< for people who seemed to have missed it.
- JohnnySoftware, on 07/12/2009, -0/+1
At this point if there is any hacker in the world that does not know there are bugs in IE that they can exploit they are one ignorant dude.