The second IE7 flaw is now out there...
Category Microsoft
From WebUser.com: Microsoft Admits Flaw In IE7
Security vendor Secunia has reported a second flaw in Microsoft's new Internet Explorer browser. This time, though, Microsoft has accepted the vulnerability as genuine and posted advice to users on its security blog.
The flaw could cause some users to fall victim to phishing attacks, which is particularly bad news for Microsoft - one of the hyped new features of IE7 was an improved anti-phishing facility.
Secunia says that the issue lies in the address bar of the browser.
"The problem is that it's possible to display a popup with a somewhat spoofed address bar where a number of special characters have been appended to the URL. This makes it possible to only display a part of the address bar, which may trick users into performing certain unintended actions," reads a note on Secunia's website.
In some ways, I feel bad for Microsoft... Must suck to walk around with a target on your back...



Comments
Posted by Gregg Eldred At 06:27:20 On 26/10/2006
@1... I agree. Firefox is not without flaws, but until it becomes the primary target of hackers worldwide, it's a far better choice.
And I was amused the other day reading an article about the first IE7 flaw where Microsoft is claiming that it's really an Outlook issue.
Think about what they're saying... "Yes, there's a flaw. Yes, we have a security issue. But you just don't understand *which* piece of our software is at fault!"
Posted by Duffbert At 07:13:28 On 26/10/2006
As for FF. I just downloaded 2.0 and I'm still checking out the new features. No, it's not perfect. But, each time there is a reported flaw, it's fixed in quite short order. I think part of that is because of the number of people developing extensions. A lot of people know the code and can help improve!
Posted by Greg Simmons At 08:25:03 On 26/10/2006
"Secure" == "We have a patch team working on it."
"More Secure" == "It's secure, apart from the bits that are too big to patch."
"Most Secure" == "Our EULA disclaims us from any liability."
Posted by Philip Storry At 07:02:13 On 26/10/2006