Slashdot Mirror
Google Fixes IE Bug
aussie_a writes "Without accepting blame Google has quickly patched the vulnerability, without requiring users to download a patch. Previously covered by Slashdot, the flaw allowed people to access files and passwords on a computer via any website when viewed with IE while running Google Desktop." From the article: "'Google was able to address the problem quickly because it didn't require changing any code at the user's desktop,' MacDonald said. 'Google applied more stringent security controls on its main site, which shut down the exploit.' The incident does raise important questions about Google as a desktop software vendor and its plans for rolling out future security fixes, said MacDonald. "
I create web apps for a very widely distributed organization. We have dozens of different offices, all using their own type of Internet connection.
2 of our ISPs (which are actually government agencies) have blocked IE usage completely. They simply can't get on the network using IE.
This was in response to last week's security issues.
One of the apps we run uses IE specific (Active X) controls. They are not required but they just make it much easier for the users. Now those have been blocked in two locations- causing me a lot of headaches. Of course, the standard answer would be, "why did you use IE specific code?" It was an option for users...but they began to rely upon it.
So I for one, wish that Microsoft would either:
A- fix the security problems
B- release an 'IE Secure' browser, that is stripped down but secure
or
C- Umm...short of fixing the problems I don't have many other needs.
I really wouldn't mind if they had a totally secure version of their browser. Just stripped down functionality (cookies, javascript, etc) and pull out the other junk. Yes...we used some of the other junk, but at the time it seemed like a good idea.
By the way, I am now on the market for a good cross-browser in-line WYSIWYG HTML editor. A flash version would be great too.
No reason to lie.