> -----Original Message----- > From: Larry Lyons [mailto:[EMAIL PROTECTED] > Sent: Thursday, October 19, 2006 2:51 PM > To: CF-Community > Subject: FW: Security flaw found in new Internet Explorer web browser > > From the CBC: > http://www.cbc.ca/technology/story/2006/10/19/tech-ie.html > > And its been how many hours that IE 7 has been officially released?
Well... that angle should be taken with a grain of salt I think. Do you really think that they downloaded the release, explored it, and discovered a flaw in a few hours? Or perhaps they found a flaw in one of the pre-release versions, sat on it and then waited until the official release to announce it? Since the exploit seems to work even in very early betas of IE 7 the answer seems pretty clear. Hell - I can't blame them. Announcing it now means quite a bit more publicity. In any case the flaw is flagged as "less critical" (and pretty esoteric). I'm unclear how it could be used to "disclose potentially sensitive information" but I've seen weirder things happen. Also, for what it's worth, since the exploit depends on a non-standard protocol definition it should be both very to both patch and protect against. It is a black eye for MS but it doesn't, at least in my opinion, detract greatly from the release. "Zero-day" exploits (especially for software that's been freely available for almost a year) aren't uncommon. What will be telling is both how and how quickly MS responds. Jim Davis ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Community/message.cfm/messageid:217958 Subscription: http://www.houseoffusion.com/groups/CF-Community/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5
