What is Digg?315 Comments
- michaelphw, on 06/02/2008, -14/+227Enter firefox.
- toxicityj, on 06/02/2008, -8/+128there's a huge difference between a faulty rendering engine and a full blown security hole...
- mrgodai, on 06/02/2008, -19/+125everyone should just use firefox, i know no browser is 100% flawless, but it's just too awesome.
- twtmc, on 06/02/2008, -63/+148I think it's really funny how Microsoft is talking about browser bugs for a browser nobody uses, but refuses to make IE7 view pages properly.
- JasonCox, on 06/02/2008, -21/+71Dear Apple,
Please stop coding for our platform. Between Safari and iTunes it's obvious that you guys need some serious help. Please hire some qualified Windows developers who can actually write secure code and not just Apple engineers who write a big clusterf*** of code and expect OSX to save them.
Also, please fire whatever idiot in marketing came up with the idea to auto-download Safari to Windows PC's through Apple Software Update.
Thanks,
-Windows Users - Haecceity, on 06/02/2008, -25/+72The blurb neglects to mention this part: "It turns out that if this flaw is exploited in combination with a second unpatched bug in Internet Explorer, attackers can run unauthorized software on a victim's computer."
So basically MS is saying that their browser sucks too (but it's really Safari's fault). - TriZz, on 06/02/2008, -1/+48Why is there a picture of a blurry cell phone for the digg submission?
- knightboat, on 06/02/2008, -8/+49"If they made IE7 render everything perfectly now, they piss off every web-developer on the planet."
Speak only for yourself. - vexingmodstwo, on 06/02/2008, -27/+66Heh, Apple's probably sitting back saying, "You know, this wouldn't be a problem if you used Safari on an APPLE!"
- hamobu, on 06/02/2008, -3/+40From the article: "It turns out that if this (safari) flaw is exploited in combination with a second unpatched bug in Internet Explorer, attackers can run unauthorized software on a victim's computer, "
Buggy proprietary browsers of the world UNITE! Who said Apple and Microsoft software can't work together! - jbenson2, on 06/02/2008, -19/+55The Apple Fan Boys are not going to like this.
- peaceninja, on 06/02/2008, -7/+37"Restrict use of Safari as a web browser until an appropriate update is available from Microsoft and/or Apple."
This is Microsoft's recommended action on their security advisory site. I don't see this being any attack against Apple.
http://www.microsoft.com/technet/security/advisory ... - Laminarcissus, on 06/02/2008, -12/+42PC: "Hi, I'm a PC"
Mac: "And I'm Mac"
PC: "Hey Mac, why am I getting all these executables dropped on my head?"
Mac: "Executables? I don't see any execu..."
PC: "Ow! Like that one!
Mac: "Oh that? That's not a problem."
PC: "Not a problem?! There are hundreds of them!!"
Mac: "La la la, not listening to you. Call back when you're wearing more hemp..." - ShiningSquirrel, on 06/02/2008, -3/+27Why?
The flaw also exists on the Mac version as well.
The only differance is where it downloads the files to. - BoneheadFarker, on 06/02/2008, -15/+39IE7 does not have bugs. Bugs imply that it doesn't work as designed. It works exactly as designed. Unfortunately the design was crap...
- JonLatane, on 06/02/2008, -9/+32Um... read the article. Safari's security "flaw" is just its download-handling procedure; it downloads a file immediately rather than asking for permission. While I agree this should be a configurable option, the real issue is that IE allows REMOTE EXECUTION of this code. So how 'bout MS fixes that, and lets Apple change their UI paradigm on their own time?
- estvir, on 06/02/2008, -8/+27You only find it funny because you're an idiot.
You try to make 2 things sound true when they're not. First, you try to make it sound as if Microsoft is constantly talking about other browsers (Safari) when they're not and second, you try to make it sound as if MS is 'refusing' to fix rendering issues with IE when they have (IE7 and IE8). - mephyt, on 06/02/2008, -3/+21It's still pretty unreal just how slow these corporations are to react to threats like this. I understand that things take time, but at the very least, there should be SOMEONE working on product security full time at all the companies that produce software as critical as this.
- Firehed, on 06/02/2008, -0/+16Having tried to develop fixes for IE6, I have to complement IE7 on doing something close to a respectable job. However I absolutely wish they'd fix the damn things after the fact - all I'd have to do is remove the link to a conditional stylesheet and my website would to back to rendering properly (but without the hacks!).
Of course, that's assuming that they actually FIX things, not just improve them. - keviniskool, on 06/02/2008, -7/+23Yeah, let's replace one closed source monopoly that only runs on Windows with another that lets anyone freely edit it and runs on anything.
- dynamojoe, on 06/02/2008, -9/+24Finally, a security warning that M$ was happy to announce!
- salmonmoose, on 06/02/2008, -18/+33It's called IE8.
If they made IE7 render everything perfectly now, they piss off every web-developer on the planet. Yes, IE7 was bad, but not as bad as IE6 by a long shot. - jugglingjon, on 06/02/2008, -0/+15A flaw that places unwanted executables on my desktop? Are you sure they didn't just run Apple Software Update? It's kind of designed for that.
- reaper527, on 06/02/2008, -0/+15FTA: "Apple may not be rushing out to patch this bug, however. Dhanjani says that Apple has told him that it is not treating the Safari bug as a security issue"
how exactly is this not a security issue? - SSUK, on 06/02/2008, -4/+18And Opera. It's an equal rival to FF and drives toward web standards with such passion. Competition is always good, as it keeps Mozilla adding new features to get an edge.
- VitriolAndAngst, on 06/02/2008, -2/+16It fulfills the iPhone quota.
- hasslinthehoff, on 06/02/2008, -3/+17Who cares? Does anyone actually use Safari on Windows?
- Tape99, on 06/02/2008, -4/+17Why are people saying that Microsoft pointing this out is bad.
If im going to use safari i would like to know what it may or may not let the webpage install.
So thanks Microsoft for letting me know and no thanks for you apple for giveing me a webbrowser thats let more virus in the IE does and not letting me know about it. - apec766, on 06/02/2008, -2/+15Good thing I use Firefox on both my mac and windows machines.
- jb0nd38372, on 06/02/2008, -0/+13You want a cookie?
- azbmr, on 06/02/2008, -1/+13Am I the only one that uses this:
http://code.google.com/p/ie7-js/ - TomFrost, on 06/02/2008, -1/+13I'm a professional web developer. I would gladly remove the IE7-specific code I've had to write for every page I've ever done if it meant that I'd never have to write it again.
- smergs, on 06/02/2008, -5/+15I'm burying your comment. Microsoft is only trying to help. Sounds like they realize it's a combination of an unpatched bug in their software and in the Safari browser. They aren't trying to play browser wars. They are trying to bring up a concern that could be potentially bad for the end user. These things take time to fix so they want to warn people not to use it until a fix is available.
- pixeldust, on 06/02/2008, -6/+16Did you even read the article? The problem with Safari is worse because of an existing bug in IE7.
- mlvassallo, on 06/02/2008, -3/+13My issue with Safari is that my iTunes Apple updater keeps trying to sneak it in every time there is an update for iTunes or Quicktime. If I wanted Safari I'd download it myself, but thanks for the help Apple.
- inactive, on 06/02/2008, -1/+11Exit light.
- jaymulder, on 06/02/2008, -0/+9Epic win.
- SSUK, on 06/02/2008, -4/+13While everyone is here wondering why the ***** Safari is still on automatic download for Windows' Apple Software Update. They could have at least taken it off while these bugs are apparent, then once they fix it, they can try and force it down our throats again.
While they're fixing bugs, you think we could get an option to NOT have ipodservice.exe open at start-up? You know, for those who DON'T have iPods and will probably never sync a iPod to the computer? Just a thought. - hamobu, on 06/02/2008, -7/+15Mac:"hello, I'm a Mac"
PC:"And I'm a PC"
Mac:"PC, have you installed that safe in your house for all your valuables?"
PC:"No not yet. I have been procrastinating for about a year but I will get around to it eventually. Good thing nobody else but you and me has a key to my house."
Mac:"Well...'bout that..." - 1shawn, on 06/02/2008, -0/+8Enter night.
- phantom_mullet, on 06/02/2008, -1/+9Like rain on your wedding day?
- scarwars, on 06/02/2008, -0/+8they also suggest a workaround:
Workarounds
Microsoft has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.
•
Change the download location of content in Safari to a location other than ‘Desktop’
Launch Safari. Under the Edit menu select Preferences.
At the option where it states Save Downloaded Files to:, select a different location on the local drive. - Laminarcissus, on 06/02/2008, -4/+11Exactly -- shame on you, Apple, for not knowing how Windows handles desktop executables.
Firefox, Opera, and Mozilla don't have this vulnerability. I have 100 or so other internet-aware applications on my PC that don't exhibit this vulnerability, and some of those were developed by a dude in his garage.
I think we're discovering why Steve Jobs always tried to keep such strict control over the hardware and the software. Not for purity of vision, but because once Apple tries to develop for the real world they start overlooking things. - skidooer, on 06/02/2008, -3/+10Mac: I'm going to put some toxic chemicals on top of my desk for a few minutes. Do not eat them!
PC: OM NOM NOM - Sqlawl, on 06/02/2008, -1/+8I agree.
Any smart internet user knowns how to avoid harmful sites, so automatically downloading files should be an annoyance at most (and yes, it should have a dialog for it).
Remote Execution probably goes with the same thing I stated above, most internet users can avoid this, But it is far worse than a "carpet bomb" (that can take a few seconds to clean up). - mrBitch, on 06/02/2008, -0/+7That is a BRILLIANT summary of why Apple is not treating this Safari flaw as a big deal. Under OS X it is not a problem...
Microsoft really need to address the issues where numerous attack vectors exist that allow remote execution of downloaded files.
This is also one of the main reasons that you STILL need to run Anti Virus software - EVEN USING VISTA.
A well designed OS does NOT need Anti Virus software! - doshindude, on 06/02/2008, -1/+7autoinstall of safari=epic fail and loss of tons of apple software users.
- toxicityj, on 06/02/2008, -14/+20"Safari Flaw Worse Than First Thought, Microsoft Warns" Yeah, MS is in such denial.
- estvir, on 06/02/2008, -1/+7On Windows XP.
- estvir, on 06/02/2008, -1/+7Every OS, in fact, every piece of software has holes. Also, what version of Windows? What was the last major Windows flaw? Where are all the holes in Vista they have been exploited?
There's so many questions.. -
Show 51 - 100 of 317 discussions
The Digg Toolbar for Firefox lets you Digg, submit content, and keep track of Digg even when you're not on the Digg site. Download the official 
© Digg Inc. 2009
— Content created and posted by Digg users is