[4683] in WWW Security List Archive
RE: Big IE hole
daemon@ATHENA.MIT.EDU (Goncalo Valverde)
Thu Mar 6 06:33:07 1997
Date: Thu, 6 Mar 1997 10:31:08 +0100 (MET)
From: Goncalo Valverde <grumbler@esoterica.pt>
To: Thomas Reardon <thomasre@microsoft.com>
cc: "'www-security@ns2.rutgers.edu'" <www-security@ns2.rutgers.edu>
In-Reply-To: <c=US%a=_%p=msft%l=RED-76-MSG-970305195741Z-202786@INET-02-IMC.microsoft.com>
Errors-To: owner-www-security@ns2.rutgers.edu
Greetings!
On Wed, 5 Mar 1997, Thomas Reardon wrote:
> Lets be clear: it IS fixed now. Please see http://www.microsoft.com/ie
>
> We take this kind of bug VERY seriously. We had a whole team of
> engineers up all night working on the fix. At the same time, we didn't
> want to cause undo panic with current users. The fact is/was that no
> users of IE had experienced any maliscious effects to date, though
> clearly they were vulnerable.
Well, but one almost laughs when reading the folowing:
" webmaster would have to create malicious code in order to enable the
threat."
In the Microsoft comments.. were talking about the Internet, where
virtualy anybody can put up a web page, and you can bet that there are a
lot of people that would create malicious code, some of them just for the
fun of it..
I always thought that Microsoft's security concerns about the exploits of
ActiveX where laughable (big deal if i know who is the responsible for the
code, if they gather personal information from my computer and im not
aware of it), but this brings a whole new dimension to it... (fortunatly
im using a Linux machine at work, so IE and ActiveX isnt even an option
:-))
--
This space for sale
