Slashdot Mirror


Major IE8 Flaw Makes "Safe" Sites Unsafe

After this weekend's report of a dangerous flaw in IE (which Microsoft confirmed today), intrudere points out an exclusive report in The Register on a new hole in IE8 that could allow an attacker to pull off cross-site scripting attacks on Web sites that ought, by rights, to be safe from XSS. This is according to two anonymous sources, who told El Reg that Microsoft had been notified of the vulnerability a few months ago.

9 of 83 comments

  1. In other news by Dartz-IRL · · Score: 5, Insightful

    Rain is wet....

    Despite MS's best efforts, IE just won't shake its 'insecure' tag, will it?

    Part of me wonders if perhaps these vulnerabilities aren't being made a big deal of because of the reputation of IE6. The rest of me which started using Firefox a long time ago just feels smug and superior.

    --
    So there I was, scribbling down some notes off the PC screen by hand, when I reached for the keyboard and Ctrl-S'd.
    1. Re:In other news by Anonymous Coward · · Score: 1, Insightful

      Are you sure you should be feeling so smug?

      Slashdot posted that Firefox may not be as secure as you might think it is.

      http://tech.slashdot.org/story/09/11/11/1626224/Firefox-Most-Vulnerable-Browser-Safari-Close?art_pos=5

    2. Re:In other news by erroneus · · Score: 3, Insightful

      The browser is still an integral part of the OS. All else follows.

    3. Re:In other news by DJRumpy · · Score: 5, Insightful

      Yes, after months or years of testing. Had IE been standards compliant in the first place, without all of the OS specific hooks, many companies wouldn't be in this boat.

      It is not an insignificant effort to get off of IE 6, especially without many thousands of users, and hundreds or thousands of apps that will break, or require testing under Windows 7's Virtual PC software.

  2. Re:See, Microsoft is right by Penguinisto · · Score: 2, Insightful

    Strangely enough, I'm torn between demanding a funny mod or an insightful one for you.

    ...times like this that /. really needs a "Funny-but-Damned-Clever" mod.

    --
    Quo usque tandem abutere, Nimbus, patientia nostra?
  3. Redundant by gyrogeerloose · · Score: 3, Insightful

    "IE8 Flaw" is, in and of itself, a redundancy.

    --
    This ain't rocket surgery.
  4. Re:Breaking News by Penguinisto · · Score: 4, Insightful

    Internet Explorer is perfectly safe for everyday use.

    As long as you follow the old US gov't C3 security guidelines/settings for Windows NT 4.0 while you do it, sure.

    --
    Quo usque tandem abutere, Nimbus, patientia nostra?
  5. Re:Breaking News by clint999 · · Score: 0, Insightful

    ...times like this that /. really needs a "Funny-but-Damned-Clever" mod.

  6. Now that other company's browser has a huge flaw! by fluffy99 · · Score: 1, Insightful

    When asked why they are disabling the XSS protection in IE8, Google responds that IE8 has an undisclosed vulnerability. Anyone here think Google is just mud-slinging to disparage the main competitor to Chrome?