Slashdot Mirror


Controversy Surrounds Huge IE Hole

Suchetha wrote in with a Wired News bit talking about a security hole in IE that allows malicious web pages to reformat a hard drive. The Wired piece talks more about Bugtraq's handling of the whole thing, and how it essentially posted working code for the exploit. Was it irresponsible or not?

6 of 740 comments

  1. irresponsible? by geekjive · Score: 1, Redundant

    the irresponsibility lies with the company who released IE - with huge holes. once the holes are found, it is then their job to release patches, no?

    ok, ok, it's redundant, but someone had to say it again.

  2. I am NOT surprised. by Noryungi · Score: 2, Redundant

    I know some people will probably moderate me down for this, but I don't care.

    Like the title says: I am not surprised. Microsoft probably has the poorest security track record of any software publisher out there.

    Maybe Bugtraq has not been very serious in its handling of this security hole, but, honestly, using Microsoft operating systems or applications without a ton of additional security software (antivirus, firewalls, etc) is asking for trouble.

    In my opinion, Bugtraq is not responsible: Microsoft is. If you use Microsoft products, do as I do: do not use IE (I use Opera or Mozilla), do not allow any application to have access to the Internet without authorization (I use Zone Alarm), do not use Outlook for email (I use Pegasus Mail) and install and update an antivirus program religiously (I actually use two).

    Two, out of my 4 personal machines at my home, use either Linux or OpenBSD. One is a Windows 98 machine. The last is being rebuilt and will become a NetBSD workstation. And there is a reason for it: Microsoft security (or rather lack of).

    Now, flame all you want. =)

    --
    The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
  3. Re:Shooting the messenger .. by tshak · Score: 1, Redundant

    As already posted, "Since November"? At best that's 19 days. At worst it's today. Either way, when you care about testing (vendors don't release untested patches) you need at least a couple of weeks of time AFTER you've already coded a fix.

    --

    There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
  4. Re:Shooting the messenger .. by truesaer · Score: 1, Redundant

    Ok, so they acknowledge that Microsoft has known about the problem since November

    News flash, it IS NOVEMBER RIGHT NOW. You say that like it was November of 1998 or something.... Who knows how long they have known; it could be 24 hours.

  5. Re:Of course it was irresponsible by el_chicano · Score: 1, Redundant

    If you were confronted by someone who had just lost a bunch of important data because of this exploit, do you really think they'd be impressed if you said "But I was trying to make a very important point to Microsoft!".
    But why be pissed off at the script kiddie? It seems that Microsoft is the one to blame here if their OS cannot protect important files for you. Be pissed-off at M$ instead!

    For the particularly insightful Microsoft-loving PHBs this could be an epiphany moment -- a combination of enough licensing/cost issues plus major security problems could make it too much bother to run Windows. The PHB looks over at the multi-proc Unix boxes handling terabyte-sized Oracle databases and a little lightbulb goes off over the PHB's head...
    --
    A man who wants nothing is invincible
  6. Re:Irresponsible? by j_rhoden · Score: 0, Redundant

    You're forgetting that at least 70 percent of the people here are incapable of thinking of it as something other than a "MS deserves this" matter...