First security flaw signaled in IE7
#2
Posted 19 October 2006 - 09:51 AM
I find this "news" to be non-news. "M$ product full of security holes"... you're kidding, really?
What does surprise me is M$'s inability to do things differently after opening the door in their faces hundreds of times.
Here's an idea... how about pre-releasing the software to these security companies. Then pay them an incentive for finding the problems. If they don't want to participate by M$ rules, then find other security companies willing to make some cash.
At least it might save them a little embarrassment.
How many of these stories are we going to read the day after Vista is released? No, wait, we're reading them now.
#4
Posted 19 October 2006 - 10:20 AM
Quote:
IE 7 was available as a free public beta for many months; I've had it running on XP under Parallels for quite a while now.
-rob.
I don't dispute that.
I'm just thinking that M$ could enter into contractual agreements with various worldwide security firms and then pay them to find these problems before the official release date.
It's amazing that after all these years M$ is still too large and stupid to at least hire others to do what it constantly fails to do... find the holes before the release.
Corporate image must not be a concern for them, I guess.
#5
Posted 19 October 2006 - 10:26 AM
Or maybe an even uglier truth: MS realizes there is too much of an infrastructure existing in these security firms or maybe even gets a significant cut of the anti-virus software needed to combat these flaws. Plus there's always good old FUD. Why release a secure product when not releasing one has kept MS at the top for years?
#8
Posted 19 October 2006 - 11:22 AM
Quote:
It is hard to exploit the flaw because it requires the attacker to lure someone to a malicious site, and for the attacker to know what other secure site the visitor might simultaneously have open
I would agree with this if the malicious site had one and only one chance at guessing the other site. Remember, though, that we're dealing with computers here that can attempt various websites' information in quick succession that may fail until finding a valid one before you have a chance to back out.
I don't think this is a difficult exploit at all.
Editor's note: Please use the "quote" tag, not the "code" tag to quote comments. The code tag will not line break, leading to very wide posts.
#10
Posted 19 October 2006 - 11:31 AM
Quote:
It is hard to exploit the flaw because it requires the attacker to lure someone to a malicious site, and for the attacker to know what other secure site the visitor might simultaneously have open
Yes. And while you may seem to be defending Windows by tacitly implying that the threat is overblown, know this. The attack works great as a Phishing scam. You simply open the bank log-in in a separate window. So... you send an email that says your bank account is in danger at a known national institution, such as Bank of America. The reader panics, clicks on the link and a quick blank, and small innocuous window appears and then the bank window appears over top of it. Since pop ups are not unheard of on the Windows side of things, it is easily ignored. The poor dupe now logs into their account, and their password pair is stolen.
Not only does this sound plausible, I get what I can only assume to be these very emails, on a regular basis.
IE7 was supposed to reduce vulnerability to Phishing by at least patching the hole they have known about for months. It failed to do so.
If Microsoft wants Apple not to make jokes at Microsoft's expense, regarding viruses and security, they should stop making stupid mistakes and facetious claims.
#11
Posted 19 October 2006 - 11:57 AM
Isn't the point of this article not that the security flaw is a minor one or that it is hard to exploit, but that IE7 has been released to the wider public for less than 24 hours and someone already has found one security flaw? To me this just signals that security and virus issues will be as, if not more, prevalent in IE7. Also, does this raise anyone's hopes for the security of Vista? I mean if this is Microsoft's new fancy tabbed browser released in anticipation of Vista, what will stupid problems like this mean for Vista?
#12
Posted 19 October 2006 - 12:44 PM
Quote:
Schadenfreude party at my house!
I'm nearing my first anniversary as a Mac user after using PCs for over a decade. Every time one of these articles comes out Schadenfreude is exactly what I feel. Today that's especially true after reading on the same day that Apple is increasing market share.



