Redmond's Butterfly Effect
Tim Mullen, 2004-06-28

Criminals are benefiting from an Internet Explorer that's so complex even Microsoft can't predict its behavior.

Redmond's Butterfly Effect 2004-06-28
Anonymous (1 replies)
You know the situation is TRULY BAD when even Tim is speaking against M$
...

Redmond's Butterfly Effect 2004-06-29
Mene Tekel
Indeed. Tim Mullen is considered a Microsoft apologist, and that he speaks out like this in public should be seen as a red flag for Microsoft.

And no, Gates' speech did not help -- he ended up looking like he either didn't understand or didn't care about the problems.

"So, A, B and C are brok...

Redmond's Butterfly Effect 2004-06-28
Anonymous (6 replies)
I like the idea of an enterprise version of IE, or an IE-lite, if you will.

It would be nice if IE wasn't an integral part of the OS, or even other apps........

Redmond's Butterfly Effect 2004-06-28
Anonymous (1 replies)
What'd be nice is if the user base had a say in what technologies were standard. A word to developers, get off the ActiveX train... you never should have gotten on!...

Redmond's Butterfly Effect 2004-07-01
Anonymous
I don't know about you guys.. but I'm writing this from the comforts of Mozilla Firefox. Screw IE....

Redmond's Butterfly Effect 2004-06-28
Anonymous
And I like the idea of Microsoft being brought up on federal charges. Why do we see the finance industry and energy industry before the Senate answering charges of abusing people's money, but not Microsoft?

They've strong-armed themselves into a near monopolist position and then abused their impli...

Redmond's Butterfly Effect 2004-06-29
Anonymous
Maybe one of the Mozilla browsers, such as FireFox, is "IE lite"?...

Redmond's Butterfly Effect 2004-06-30
Anonymous (1 replies)
It's called mozilla -- firefox...

Redmond's Butterfly Effect 2004-07-02
Anonymous (2 replies)
Hello? How many exploits aimed at non-protected users exist for Netscape/Mozilla/Opera? How many holes in defaults of any *nux? How secure is user-installed Apple System 10.x? How would you go with the user that _wants_ her IM client to share all the joy with entire world?

Face it - Microsoft is ...

Redmond's Butterfly Effect 2004-07-05
MadMonk
Excuse me! I may be a humble end user, but hardly stupid. My system is fully up to date with MS patches and multiple layers of protection, firewall, AV, Ad-Aware, etc. That still doesn't make it fully secure....

Redmond's Butterfly Effect 2004-07-08
InnerWeb
Yep, Microsoft is a big target to blame. With a $40+ billion checking account, they can not seem to focus enough energy on security. That is negligence, nothing but pure and simple negligence.

They manipulate the market to make money (like Enron did), they roll out products and developer knowle...

Redmond's Butterfly Effect 2004-07-05
MadMonk
You betcha! I really resent the fact that I have installed Mozilla Firefox and use it as my default. It is considered inherently more secure than IE, but I can't get rid of IE:
1) because it's so entwined with other MS products
2) because 3rd party developers limit themselves to IE and (maybe) N...

Redmond's Butterfly Effect 2004-07-09
Anonymous
Why even bother with IE when there exists today a better, more secure HTTP client?

Just say no to IE....

Redmond's Butterfly Effect 2004-06-28
Ivanko (1 replies)
After reading SecurityFocus' article and battling spyware non-stop for a day or two, I ditched IE in favor of Firefox. So far, very few complaints about the browsing experience (smart scrolling occasionally misbehaves), but kudos to no unexpected popups filling up the screen with the fake "General ...

Redmond's Butterfly Effect 2004-06-30
Anonymous
Add a little VMWare along with the Linux O/S and you could, although I do not know why you would, run a virtual session of Windows and access your legacy Windows Apps.
Then there's StarOffice ....

...

Redmond's Butterfly Effect 2004-06-28
ISNYC
Let's face it.

Microsoft is a breach to National Security.
Microsoft is a breach to Everyone's Security....

Redmond's Butterfly Effect 2004-06-28
Eric Lawrence (E_lawrence@hotmail)
Get the XPSP2 change today without installing XPSP2:

http://support.microsoft.com/default.aspx?scid=kb;en-us;833633

...

browser sploit + cross site scripting = owned 2004-06-29
Anonymous
So I guess cross-site scripting exploits are going to potentially get a lot worse for users. You don't really need to hack the web server to post nasty HTML and pull off this attack. Check webmail, message boards, blogs, auctions, comments, and bam... "IE owned". Oh, and this post you're reading! ...

Redmond's Butterfly Effect 2004-06-29
Anonymous
Tim,

After you come to those conclusions regarding the security problems in IE (years late, but nonetheless..) how difficult is it to also come to the conclusion that dropping IE is really the ONLY possible solution?
...

Redmond's Butterfly Effect 2004-06-29
Anonymous
Hear hear!

--Michael...

IKEA can save our souls 2004-06-29
Anonymous
Let's sell computers in IKEA boxes and people (whether they are SysAdmins or regular users) WILL read the manual !!!!

a) Users have the right for the best and most secure solution for their needs. In this case, Firefox solves the problem for the users. The more people start using alternatives, th...

Redmond's Butterfly Effect 2004-06-29
Anonymous (1 replies)
There is no need to use IE in any form. Strange that the article made no mention of the alternatives such as Opera, Firefox, Mozilla etc.
Also there is no reason to use Windows at all for maybe 80% of users.
...

Redmond's Butterfly Effect 2004-06-29
Anonymous
Once Half-Life and FarCry come out for RedHat, I won't have any Windows boxes in the house.

...

Redmond's Butterfly Effect 2004-06-29
Anonymous
IE lite, or a known browser, already sans Active-X and company, with a better track record... say like Mozilla/Firefox?...

Redmond's Butterfly Effect 2004-06-29
Anonymous
Interesting...I remember this point being brought up on BugTraq about 7 months ago.

Information systems are becoming increasingly complex, and as a result one cannot look at a single configuration option without taking into consideration how that option affects the total system.

Sysadmins, net...

Lima / Lamo 2004-06-29
Anonymous (2 replies)
I can't believe no one has commented on the Lima / Lamo crack. That's the best thing I've read all week....

Lima / Lamo 2004-06-30
Anonymous
Yup, LMAO...

Lima / Lamo 2004-06-30
blacklight
I make no comments on women's looks - I got myself verbally mutilated and killed that way by the women affected (and their mothers and their sisters and their brothers and their fathers not to mention husbands and current boyfriends), so I will not say anything about Lima. As for Lamo, I don't swing...

local zone hardening is not enough 2004-06-29
Anonymous
the intranet and trusted sites zones are still ample targets for attacks, so unless xp sp2 does more to sandbox ie than adjusting local zone security settings, we're back to square one.

(in)security zones are why these vulns are possible in ie and not mozilla, opera, etc.. though mozilla, opera,...

Redmond's Butterfly Effect 2004-06-29
Anonymous
While your "concentrate on Adriana Lima without having to worry about the likes of Adrian Lamo." crack might seem like clever word play, it seems to me to be misleading. I am not aware of Adrian Lamo doing anything significantly malicious. In all of his exploits, of which I am aware, whenever he fou...

Redmond's Butterfly Effect 2004-06-30
blacklight
I access the Internet through a dialup connection from my Win98 box, where I cheerfully admit that Win98 is an insecure OS. Nevertheless, between my AVG and my anti-adware software, I thought I had my risks pretty well managed. Well, my IE browser was hijacked last month by a known domain hijacker t...

Redmond's Butterfly Effect 2004-06-30
Anonymous
The biggest problem that internet explorer has suffered from is "Feature Creep".

In theory a web browser should be more like a secure "tarpit" or a "sandbox", with the ability to interact and use websites, but keep those websites from interacting with system objects.

While features like: the ...

Redmond's Butterfly Effect 2004-06-30
Anonymous (2 replies)
Yeah, just what I want to do. Install Firefox/Mozilla on all the users friggin' machines in the office.

What am I going to do when someone finds an issue with those browsers?

Any of you out there that keep jumping on the Linux wagon --- how many of you have actually USED it? And I don't mean...

Redmond's Butterfly Effect 2004-06-30
Penguinisto (1 replies)
Err, I'm using SuSE right now, with Mozilla 1.6, no sweat.

You don't even need to install Linux in such a case (they make Win32 versions of most alternate browsers), so why that came up I haven't the slightest. Now that you mention it though... at least w/ Linux, I could, if sufficiently anal an...

other OS's 2004-07-02
Anonymous
I am a Linux administrator supporting a dozen linux machines. We're pretty happy with it. With kickstart and up2date, patching is pretty easy. I use Mac OS X at home and I have never been happier with any OS. It's the power and security of Linux without the confusion. I hope Apple jumps at this oppo...

Redmond's Butterfly Effect 2004-07-02
Anonymous
Dude, we, the others, happen to use Linux for years now, and I don't see any problems with patching/surfing or doing whatever ...

If you are NOT ABLE to do it, it is your own problem. ...

even cert agrees 2004-06-30
Anonymous
http://slashdot.org/article.pl?sid=04/06/27/1436213&mode=thread&tid=126&tid=154&tid=172&tid=95...

Good read, though... 2004-06-30
Penguinisto
...why not just ditch IE altogether, as one of your colleagues suggested outright? It's not as if IE actually conforms fully to W3C, CSS, or any other real and open standard, and how many business environments really need their employees surfing the bells-and-whistles websites that would require IE a...

Redmond's Butterfly Effect 2004-07-01
DavidM (EDS)
This situation with IE vulnerability is a bit of "poetic justice". If Microsoft was so guilty of greed when it comes to its business practices it would not have tried to make IE "all encompassing". They tried to destroy Netscape and Sun's Java. And if they did try to foolishly integrate IE into OS t...

Redmond's Butterfly Effect 2004-07-01
Anonymous
After you post a comment like :

"Given the innate complexity of zone settings, ActiveX object controls and the various scripting configurations, there is really no excuse for the way multiple vulnerabilities within a single product were handled with such tunnel vision, particularly when their com...

Redmond's Butterfly Effect 2004-07-01
Dave
Hey Mullen, won't patch management fix this problem...now we have public disclosure of the myriad of problems that MS has attempted to shield the end-user from only to find out that it is the product itself.

When will MS ship an operational server product that doesn't require a GUI console, Activ...

Alternative browsers 2004-07-01
Sandalle (1 replies)
Or just use Firefox, Mozilla, Opera, and possibly others available. These are patched much more frequently than IE when/if exploits are found....

Alternative browsers 2004-07-02
Anonymous (1 replies)
>These are patched much more frequently...

WOW! That's relaxing! I'd love to patch daily!...

Less bugs 2004-07-03
Anonymous
Patches of Mozilla are not every day; once a month if unlucky in most cases.

Less holes. No use of ActiveX.

Use of a script system protected.

Any holes reported will be fixed as soon as able. (It overrides development of next version)

This is just good old Netscape development system worki...

Redmond's Butterfly Effect -- PC Vendors should be required to include alternate browsers 2004-07-02
Roger
The problems with Internet Explorer and its many security weaknesses are such that significant change MUST occur. All PC Vendors -- be it, Dell, HP, Gateway, Sony... should be required to ship with an alternate web browser. This could be Mozilla or Netscape -- but it should just as prominently disp...

Redmond's Butterfly Effect 2004-07-04
WR SecAddict
The only reason why MS fails to update IE in due time IS because IE is so embedded in Windows that any patch has to be tested as to which effect it has on the OS. And all that while IE should just be a web-browser.
It's a burden of history, you know. Back in the day IE was pushed out of the market ...

Mozilla / Firefox / Opera ! 2004-07-04
Anonymous
deploy Mozilla / Firefox / Opera ! More secure browser with many useful features that you will love !...

Play with fire, get burned 2004-07-06
Anonymous
Time to dump Windows XP as well folks...

Copyright 2009, SecurityFocus