On Wed, 15 Apr 2009, Larry Seltzer wrote:
: For the sake of argument, and in their defense, none of yesterday's : vulnerabilities apply to IE8, and the IE vulnerabilities all exploit in : the context of the logged-in user which, in Vista, is likely to be : less-privileged (unless the user/admin is a doofus) For the sake of common sense, what is the distribution of IE8? The fact is every few years Microsoft releases a new version of Windows, calling it the most secure OS (ever|yet|etc). They claim this along with "no vulnerabilities reported" after a short beta period and no open testing of the product. Months pass and the vulnerabilities start rolling in and we learn that the SDLC is still problematic and Windows (any version) still contains too much legacy code. It's amazing how no one seems to really take MS to task over this old and boring pattern. : Larry Seltzer : eWEEK.com Security Center Editor http://www.eweek.com/ Featured Video: How Well is Your Dell Protected - Windows server 2008 provides enhanced and new security features that protect information while simplifying security management. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
