Major IE8 Flaw Makes "Safe" Sites Unsafe
After this weekend's report of a dangerous flaw in IE (which Microsoft confirmed today), intrudere points out an exclusive report in The Register on a new hole in IE8 that could allow an attacker to pull off cross-site scripting attacks on Web sites that ought, by rights, to be safe from XSS. This is according to two anonymous sources, who told El Reg that Microsoft had been notified of the vulnerability a few months ago.
That seems like a really strange thing to do... (Score:4, Interesting)
It seems to me that if the IE team is capable of telling that a combination of features is potentially dangerous, then why would they edit the source of the page to avoid triggering the vulnerability, rather than actually eliminating the vulnerability being attacked?
Re:In other news (Score:3, Interesting)
That's the clincher. I can only imagine how many corporations are in the same boat as mine. Tons of IE6-specific apps and XP due to the Vista fiasco. I'm still waiting for an IE upgrade, years after 7 and 8 have been released. It's about as insecure as you can get, yet they still use it.
This alone should teach the dangers of relying on a single vendor too much. What's odd is they are actually very good about this on any other platform, but they wear blinders when it comes to Microsoft products.
Re:See, Microsoft is right (Score:3, Interesting)
We do. It's called -1 Troll.