About Me:
I'm a 32-year old Bronx livin' sarcastic bastard. If you cross me, I'll shred you. I have no problems sharing my opinion whether you want to hear it or not, so get used to it. There's a lot of it going on here. Hang around if you'd like and comment if you dare.
Disclaimer
All e-mails sent to Vincent Ferrari or to any address at insignificantthoughts.com are considered for publication regardless of any disclaimers placed in the e-mail. It is automatically assumed that an e-mail sent is for publication purposes. Sending an e-mail with a disclaimer does not bind this site or its owners / moderators to adhere to your request. Thank you for playing!

IE7 Bug Has Potential to Cause Lots Of Crap

So Nick told me in the comments of one of my posts to read the IE Blog when I noted the discovery in the nowhere-near-old version of IE 7 of a pretty serious bug. I didn’t need to go far, though, to find out that the bug isn’t one in Outlook Express, as most seem to be insinuating, but a more serious bug that possibly runs a lot deeper.

Betanews said so after doing tests:

In examining the source code of Secunia’s page, we found that a JavaScript function first generates a resource location using pieces of strings, plus a randomly generated number as a throw-away parameter. The location points to a page that apparently triggers an HTTP 302 signal, purportedly that the site location has been rerouted.

The problem occurs when the browser — or some other component of the Web browsing process — takes the address of the rerouting for granted. With recent versions of IE, including IE7 in our test, the browser pulls up the alternate address regardless of what it contains.

[...]

Yesterday, as we reported, Microsoft stated that the vulnerable component was actually attributable to Outlook Express, not Internet Explorer. Back in 2003, when the vulnerability was first discovered, Microsoft did direct users to download Outlook Express patches, although those patches may have successfully shut off the accessibility for that vulnerability through OE, rather than change the redirection function itself.

This evidence indicates that the source of the vulnerability is probably deeper than both OE and IE.

MS has a lot of work to do if they’re going to live up to the claim that Vista is the most secure version of Windows ever. As Steve Gibson says on a regular basis, the moniker of secure is something that’s earned, and as of right now, Vista (as well as IE 7) is unproven.

Maybe in the future it will be, but one thing’s for sure. It’s off to a pretty shaky start.
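The Betanews passage quoted above describes a client that follows a 302 without looking at where it points. As an added illustration (not code from Secunia, Betanews or this post), here is a client-side check that validates every redirect hop before following it; the policy, the function names and the URLs are assumptions constructed for the example.

```javascript
// Added example: redirect-target validation. All names and URLs are constructed.
const REDIRECT_STATUSES = new Set([301, 302, 303, 307, 308]);
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Decide whether a single redirect response may be followed.
function checkRedirect(requestUrl, status, locationHeader) {
  if (!REDIRECT_STATUSES.has(status)) return { follow: false, reason: "not a redirect" };
  if (!locationHeader) return { follow: false, reason: "missing Location" };
  let target;
  try {
    target = new URL(locationHeader, requestUrl); // resolves relative Locations
  } catch (e) {
    return { follow: false, reason: "unparseable Location" };
  }
  const origin = new URL(requestUrl);
  if (!ALLOWED_SCHEMES.has(target.protocol))
    return { follow: false, reason: `scheme ${target.protocol} not allowed` };
  if (origin.protocol === "https:" && target.protocol === "http:")
    return { follow: false, reason: "https to http downgrade" };
  return { follow: true, url: target.href, crossOrigin: target.origin !== origin.origin };
}

// Walk a chain of responses, validating each hop and capping the hop count.
// `lookup(url)` is a hypothetical stand-in for the network layer: it returns {status, location}.
function resolveChain(startUrl, lookup, maxHops = 5) {
  let url = startUrl;
  for (let hop = 0; hop < maxHops; hop++) {
    const res = lookup(url);
    if (!REDIRECT_STATUSES.has(res.status)) return { ok: true, finalUrl: url, hops: hop };
    const verdict = checkRedirect(url, res.status, res.location);
    if (!verdict.follow) return { ok: false, blockedAt: url, reason: verdict.reason };
    url = verdict.url;
  }
  return { ok: false, blockedAt: url, reason: "too many redirects" };
}

// Constructed responses; the random query value mirrors the throw-away parameter in the quote.
const SAMPLE = {
  "https://site.example/go?r=48213": { status: 302, location: "/landing" },
  "https://site.example/landing": { status: 200 },
  "https://site.example/go?r=90417": { status: 302, location: "localres://cache/item" },
};
const lookup = (u) => SAMPLE[u] || { status: 404 };
```
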
