143 Comments
- armbar, on 10/12/2007, -5/+112
Hey everyone! Let's get emotional about it!

- inactive, on 10/12/2007, -11/+64
Don't you mean,
"Next patch in 1.. 2.. maybe 3 months?"

- inactive, on 10/12/2007, -13/+49
Don't worry, they will provide a patch in 1 month after the 1XX vuln :P

- PathDaemon, on 10/12/2007, -15/+51
In Soviet Russia, bugs find you!

- ClassicJBC, on 10/12/2007, -12/+48
@paulmike3
You fail at Soviet Russia jokes.

- mikaelc, on 10/12/2007, -5/+39
Actually it is quite severe: code on any website can retrieve information from another site and send it back to the server. The problem with this is that the website can do this using your credentials:
If you have visited e.g. GMail earlier in your browser session (and not logged out - which nobody does), a stored session cookie would allow the JavaScript from the website to retrieve your mails without logging in - and to transmit it back to the webserver. Other possible targets could be your online banking system.
The malicious website would need to craft specific attacks for specific services, and the user needs to have an open browser session with the specified service, but it is a security risk.

- redcard, on 10/12/2007, -30/+59
It didn't take months for FF to have flaws reported, it took months for the Mozilla Org to release patches for it. Check the bugbase.. there's a difference between when something is found and something is patched. 24 hours seems kinda slow, actually. I think Firefox's 1.5 had something found in less than that.

- haooken, on 10/12/2007, -28/+54
Well of course. This is really news? One of the most used applications for the most used operating system made by a company everyone loves to hate. Frankly I'm surprised it took this long. At least the Linuxtosh fanboys will have a good day today.

- HarryBauzonia, on 10/12/2007, -6/+31
"just grow up or go write your own software if you think it's that bad."
Linux developers did just that.

- portis, on 10/12/2007, -21/+45
It looks like it's still called Internet Exploder. *grins*

- byronm, on 10/12/2007, -5/+29
I'm running IE7 on Vista and it popped up "Your browser does not appear vulnerable to this particular exploit"

- zigamorph, on 10/12/2007, -12/+36
I wonder how long these guys sat on this? They cannot say this was not in the RC's. I hate security firms that purposely time crap like this. The same way I hate politicians that pull out October surprises. When you know about it, tell the world; don't sit on the information to gain an advantage later on.

- inactive, on 10/12/2007, -5/+26
"Your browser does not appear vulnerable to this particular exploit"
... Opera 9.02. w00t!

- DharmaTurtle, on 10/12/2007, -2/+20
Whoa whoa whoa. Maybe they're the same person.
On another note, you read digg and slashdot? I thought I had no life...

- DrSkrud, on 10/12/2007, -1/+19
The exploit does say that they tested it on a fully patched *Windows XP SP2* system. It could be that the vulnerability doesn't affect IE7 on Vista.
But that being said, this isn't a new vulnerability, since it already exists for IE6.0: http://secunia.com/advisories/19738/

- tsupersonic, on 10/12/2007, -5/+22
Running XP with latest updates and IE 7 latest, and it says Your Browser is Vulnerable.
Damn, I was just testing IE 7, back to Firefox/Opera.

- spinxter, on 10/12/2007, -3/+16
"I also had a weird issue where I didn't have any of the Menu functions (File, Edit.. ) visible."
That's not an "issue." It's a feature. IE7 doesn't have those menus.

- shakin, on 10/12/2007, -10/+23
I agree that IE7 is vastly improved over IE6 for end-users. I will not give them credit for doing a good job for two reasons.
1. They failed to update web standards support to an acceptable level. It's obvious that despite Ballmer's "developers, developers, developers!" rant that Microsoft doesn't care very much about web developers. And people still wonder why developers were the first people to switch to Firefox?
2. Microsoft abandoned IE for many years. They only created IE7 in response to losing market share. I can't respect a company that leaves 90% of computer users out in the cold with crappy software.

- Teaboy, on 10/12/2007, -4/+16
So basically, "less than 24 hours passed" is a load of bollocks.

- sx86, on 10/12/2007, -1/+13
I believe it was. Just tested with IE7 Beta and XP SP2 and found IE to be vulnerable.

- r0Ot3d, on 10/12/2007, -10/+22
"At least the Linuxtosh fanboys will have a good day today."
Don't you mean Firefox fanboys, I'll bet there are more Pro Firefox posts here than Pro Linux/Mac.

- inactive, on 10/12/2007, -1/+13
It's amazing how bitter some people are towards MS. I hate IE for the fact that it's not standards compliant, as do most other developers. I typically also dislike MS -- However, people seem to just be looking for a failure point of MS. Get over it, it's a bug. You should see how many bugs are found after software is released and are located within the first day of its release. QA can't possibly find every bug in such a large application.

- gotamd, on 10/12/2007, -1/+12
Since IE 7 has been out in beta and RC form for so long, this probably was found earlier and just wasn't reported until now.

- Teaboy, on 10/12/2007, -3/+14
24 hours? So this exploit wasn't present in the betas?

- Nanobe, on 10/12/2007, -4/+13
This is just a previously known Internet Explorer 6 vulnerability they decided to publish again for Internet Explorer 7. It seems kind of odd that Secunia would do it this way.
Original advisory: http://secunia.com/advisories/19738/
New advisory: http://secunia.com/advisories/22477/

- gotamd, on 10/12/2007, -4/+12
I completely agree. The title here is misleading since people have had the better part of a year to test IE 7. They just didn't report this flaw until now. I *highly* doubt that anyone actually discovered this flaw for the first time in less than 24 hours after IE 7's release.

- maukdaddy, on 10/12/2007, -8/+16
Agreed. Don't dig zigamorph down...he's exactly right.
This is the most unprofessional thing I've seen in a long time.

- mikaelc, on 10/12/2007, -3/+11
XP SP2 fully patched, and IE7 (7.0.5730.11) - the test showed I was also vulnerable.

- bsummersett, on 10/12/2007, -2/+10
I think you're preaching to the choir

- Jaymoon, on 10/12/2007, -2/+9
XP Pro SP2 IE7 RC:
--------------------------------
Result (The result of the test will be displayed below)
Your browser is vulnerable! The test retrieved content from news.google.com in the context of your browser.
This actually means that if you were logged into your bank account, any web site you are visiting would be able to retrieve confidential data from your bank. This could also be used to retrieve personal settings entered on sites like eBay or Paypal.
--------------------------------
Maybe it's an XP-only bug? Or like the site suggested... disable active scripting support.

- Egoist, on 10/12/2007, -3/+9
I disagree. While their standards compliancy is still on the lower end compared to other browsers, I no longer need a separate stylesheet or hacks to get IE to display like Firefox/Opera/etc, and that's enough for me.
Anyone who gives a ***** that their browser doesn't pass the Acid2 test even though it displays the page as the designer wants needs to step away from the computer for a while.

- digitalsin, on 10/12/2007, -1/+6
Marked as inaccurate. This is not an IE 7 specific issue, but rather a combination of IE 7 and Windows XP.
I am running Vista RC2 and IE 7, and I am not vulnerable.

- cdharrison, on 10/12/2007, -1/+6
OMG! NFW! Seriously guys, come on. There is no such thing as perfect software. Get off the frickin HATE WAGON. Microsoft was lazy with its browser technologies and they're scrambling to play catchup before they lose much, if any more, marketshare to Firefox, Safari, Opera, etc. Errors are going to happen.
At least be happy that they finally released a browser that renders pages more accurately.

- steviepunk, on 10/12/2007, -4/+9
The whole point of public beta and RCs is so that people outside the company are able to test the software to help improve it, whether in features, refinements or bugs.
As the problem is still there in the final release, then it is obvious that the IE dev team had not found it prior to release. If you used IE and fell foul of an abuse of this exploit, who would you blame? Microsoft - who have been making great efforts with public pre-releases in order to find bugs, or the company that found the flaw prior to release and didn't report it? Had it been reported, it could have been fixed.
Now, whether they did sit on it or not is another question, however I'd say that yesterday's full release of IE7 would certainly not be the first time this company has looked at it.
On the other hand, according to their website, the same vulnerability was present in IE6, so would be fair to say that they would have tested the vulnerability on IE7 since beta. Would also be fair to say that Microsoft should have tested for it as well.
http://secunia.com/advisories/19738/

- Pwelborn1, on 10/12/2007, -4/+9
All you have to do is go to Add/Remove programs and uninstall IE7. You then have IE6 back exactly the same as it was.

- rosufo, on 10/12/2007, -2/+6
Watch out!!!!
If you say anything positive about MS or its products you might get dugg.

- FyberOptic, on 10/12/2007, -2/+6
Holy crap, someone found a minor bug in a brand new piece of software. STOP THE PRESSES.

- unknownsoldierX, on 10/12/2007, -5/+9
The option to turn on the menu bar is under the tools dropdown menu

- spinxter, on 10/12/2007, -1/+6
Ha! ^^

- mskadu, on 10/12/2007, -3/+7
I am running IE7 too and it says you are not vulnerable. What's the deal?

- inactive, on 10/12/2007, -14/+17
When Firefox reached 1.0 they had an impressive list of open bugs. Many of them are still open.

- techykid, on 10/12/2007, -2/+5
Exactly !! The only advantage FF had all these days was Tabbed Browsing.. IE7 has it now and also faster, stable and great features. I tested FF2 Beta. It takes ages to startup and sucks big time !! So now FF will go the Linux way in Home Computing. Only the Anti-MS guys will use it who never change even if the MS product is genuinely good. And of course the GreaseMonkey kids too.

- bpapa, on 10/12/2007, -1/+4
Uhhh... duh? I don't use IE and I don't like Microsoft, but obviously you are going to see things like this pop up right after release. It happens with all software.

- larfus, on 10/12/2007, -1/+3
It runs in IE6 as well.

- rodtrent, on 10/12/2007, -2/+4
Folks -- the fix is a manageable setting. Not necessarily a vuln. Most companies have Active Scripting turned off anyway.

- Teaboy, on 10/12/2007, -1/+3
I've uninstalled IE7 a few times and it has restored IE6.
edit: Pwelborn1 beat me to it :P

- mastercheif, on 10/12/2007, -8/+10
O cmon, there is NO excuse for how many exploits there have been found for IE. Sure, it is a widely used program, but Zero Day exploits every other ***** day!!

- jonj, on 10/12/2007, -1/+2
I've had IE7 betas for months now. It's not like this is a brand new application.

- succubuskiller, on 10/12/2007, -7/+8
I downloaded and installed/uninstalled it yesterday. Besides the WGA activation, and installation which needed restart, it wasn't what I was expecting. I disregarded those issues, but its loading time was pretty bad with just Google Toolbar, there was a great delay till the toolbar loaded and startup time. Much slower than IE6, or FireFox, I think a little faster than Opera 9. I also had a weird issue where I didn't have any of the Menu functions (File, Edit.. ) visible. In the end I uninstalled for now, and go with FF/IE6/Opera.

- jonj, on 10/12/2007, -3/+4
"If Microsoft actually employed some proper programmers - not the point-and-click wankers they currently have... then they might be able to release a working product."
A statement like this only makes you look ignorant.