On Tue, Jun 9, 2009 at 7:12 AM, Jeff Wright <[email protected]> wrote:
> > So Apple is guilty of some of the crimes that the Redmond Menace is > > guilty > > of. Both are sinners and deserve a time out for it. > > Agreed, but that was in answer to Tom's assertion that Apple would NEVER do > such a thing, when, in fact, it already has. > > > The problem is that M$ did something that opened a security hole in > > non-M$ > > software that people use to avoid their own shoddy product because of > > similar security holes intrinsic to IE. > > So you say, but yet, no one has actually been able to show what this > supposed security hole actually was. So far, it's just been a lot of talk. > > The problem is .net is a one click to run code. It is almost trivial to get that one click clicked by a bit of creative social engineering on a malformed web page. So lots of tricks that were exploited by Active X attacks back in the day are open to try again. Some have been blocked but lots were just stopped when the choice to run Active X code was made a conscious choice every time. You don't get to ask if I trust this page enough to run it's code. Now that M$ opened the door into Firefox you shouldn't really trust any windows installation that was running with that door open. Four months is a lot of time because lots people understood what this problem was in February so you can be sure that some of bad guys did or at least now have an exploit running for this. -- John Duncan Yoyo -------------------------------o) ************************************************************************* ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *************************************************************************
