Don't Hit That Back Button
Saint Aardvark writes: "From the Bugtraq mailing list comes this warning: 'Using the Back Button in IE is dangerous'. When hitting the back button, javascript links will be executed in the security zone of the last url viewed. Proof-of-concept included in the warning will execute minesweeper or read your Google cookies."
Stupid MS...
First POst
I have a mouse button mapped to go back. I don't have to click on that stupid arrow like you freaks.
Using open source software is harmful as well, pressing any button is likely to cause it to segfault
that this is probably the first Microsoft's heard of this bug, and by the end of the week they'll have a "Critical Update" for us SE users and a forced bug fix for everybody on XP?
/. readers, cough) generally seem to support Mozilla. Feh.
Big whoop, considering the people who know about it (cough,
Matthew G P Coe
http://mgpcoe.blogspot.com/
Microsoft seems to really be taking it in the shorts of late -- you can't help but feel a little sympathy watching the pathetic Benny-Hill skit that is their attempt at "trustworthy computing". Feels like the blonde's lost her dress and an angry mob is chasing Gates through the streets of London in double-time. Even hindsight makes it seem that much more pathetic.
This is one of the most beautiful bugs I've ever seen - Microsoft is clearly an innovator in bringing ever-more-advanced, aesthetically-pleasing bugs to customers.
Seriously though... there is a true elegance to this vulnerability that one rarely sees in the usual passel of buffer overflows, etc.
This bug combines a canonical and visceral piece of browser functionality (back-button) with a conceptually and technically advanced, as well as invisibly-controlled piece of browser functionality (site-specific browser security settings). What wonderful juxtaposition!
C'mon! At least this is far better than the usual "ironic" bugs that come up (i.e. default passwords in a security program - har-de-har-snore).
With every passing week, MS gives us more and more reasons not to use their POS browser. Whereas Mozilla is quickly becoming the undisputed king; tabbed browsing, filtering popups, better security options, and .. oh yeah, it's open source.
;-)
_ stats.a sp
Take that, Microsoft.
With every passing week, the memory of Netscape/Mozilla fades even farther into the depths of the publics' memory. If Netzilla or whatever it is ever had the user base of IE, you would see just as many advisories about it's security flaws. That's what really gets me, people comparing a hardly used piece of crap to the most used piece of software probably in all time.
Browser statistics shown here:
http://www.w3schools.com/browsers/browsers
Speak clearly enough.. more than 90% of the people using the web, use IE. Just in case you were thinking of using some fucked up open-source whack-logic or something.
'Using the Back Button in IE is dangerous'.
That was supposed to be 'Using IE is dangerous'.
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
since when was using anything in IE safe?
I've found that clicking on the little square with the "X" in it at the top of the window is pretty safe.
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
not sure if /. is screwing up the base64. might need to cut-and-paste the source into your own html file and view it in mozilla. but pretty kewl!
grr!
foo
bar
You fools!
Some stranger on slashdot posts a link saying "this will exploit a security hole in your web browser" and you CLICK ON IT???
j/k, now everyone click on this link!
why is there no "dumb" or "poser" moderation option?
"all broken things dream of repair" - chris letcher
But Opera isn't Open Source. The only way to cure the ills of M$ is to use code that is open and fixable by everybody.
Time is what keeps everything from happening all at once.
Bench the latest Mozilla build (turn off debugging and turn on optimization, just like a normal release build) and post that again. Of course, to really shine, run it on Linux or a free BSD.
.01% faster at rendering one specific part of certain pages that are only used in less than 1% of all websites. IE renders the majority of all websites faster.
... but I don't need them because it runs so much slower that my eyes can easily perceive the sluggishness of the system when compared to a Windows Desktop.
First of all I don't need benchmarks to show me that IE is faster. The difference is night and day. I don't care if Mozilla is
Secondly, Windows 98SE, 2000, or XP blow the socks off any Linux Desktop I've ever used. Notice I said DESKTOP. I love using Linux for Server related tasks but it STILL (as of 4/17/2002) sucks on the Desktop. I don't have benchmarks and performance results to backup my claim
If I run a "bare bones" setup such as Window Maker with no Desktop Manager, then the speed is better. But that's not a fair comparison to Windows any more. KDE and/or Gnome is a fair comparison to Windows in terms of resource usage.
And for the curious, NO - I am not running Mandrake or prebuilt packages. I have compiled everything myself optimized for my hardware. It makes no noticeable difference.
My Linux Desktop machine is fun to play with and it is quite useable for just about anything I need to do. But I don't even try and pretend and fool myself that it's "better" than Windows because it's not even close.
with that asinine Konqueror troll.
"If IE's Windows integration is a monopoly, then I'm all for the removal of Konqueror from KDE."
Let me assure you that the irony of you posting this drivel in a discussion thread about the latest exploit for IE has escaped no one. You are making quite the fool of yourself.
Do not spread "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0" over the internet, thank you.