IE 7.0

Discussion in 'Computer Security' started by Jay Calvert, Feb 15, 2005.

  1. Jay Calvert

    Jay Calvert Guest

    Jay Calvert, Feb 15, 2005
    #1
    1. Advertising

  2. Jay Calvert

    Jim Watt Guest

    Jim Watt, Feb 15, 2005
    #2
    1. Advertising

  3. Jay Calvert

    Colin B. Guest

    Jim Watt <_way> wrote:
    > On Tue, 15 Feb 2005 19:09:49 +0000, Jay Calvert
    > <> wrote:
    >
    >>Mr. Gates Announces IE 7.0 In RSA Keynote Address
    >>
    >>http://habaneronetworks.com/viewArticle.php?ID=137
    >>
    >>Thought you might be interested

    >
    > Any security patches yet?


    It's only going to be available as a beta by mid-summer apparently. I
    wouldn't count on any critical patches until at least April.
     
    Colin B., Feb 15, 2005
    #3
  4. Jay Calvert

    donnie Guest

    On Tue, 15 Feb 2005 22:39:10 GMT, "Colin B."
    <> wrote:

    >> Any security patches yet?

    >
    >It's only going to be available as a beta by mid-summer apparently. I
    >wouldn't count on any critical patches until at least April.

    #####################
    I think he meant that as a joke.
    donnie.
     
    donnie, Feb 16, 2005
    #4
  5. Jay Calvert

    winged Guest

    Jay Calvert wrote:
    > Mr. Gates Announces IE 7.0 In RSA Keynote Address
    >
    > http://habaneronetworks.com/viewArticle.php?ID=137
    >
    > Thought you might be interested
    >

    It was an interesting article. Though while they have some of their old
    holes patch up they are including bigger and better ones. No Browser
    should have unfettered access to a file that controls the configuration
    of the local computer, and allow people to remotely change settings
    permanently (without intervention) of the configuration files. Thats
    what admin folks are for and I don't need that remote unknown website
    to decide this for me.

    While I understand some just want to enhance my browsing experience I
    can think of no one other than me whom I want to do so.

    While they will bury many of the ActiveX functionalities they are
    expanding of their .Net initiative (oh boy like activeX but even more
    language support) for longhorn, blurring the distance and locations of
    applications. Microsofts model, from what I understand of it, will
    really strain this net trust relationship.

    In studying Active Directory AD structs the power it provides net admins
    is awesome. I can hardly wait for the AD exploits to start running the
    corporate gambit. I have already figured 2 methods where this could be
    accomplished in most configurations. Imagine the impact when large
    companies all start attacking the net while their owners can't even log
    in. If these same companies use IP net phones they may lose even phone
    communications under the right conditions.

    Is anyone looking at the default .Net service default perms..ok I am
    paranoid...

    I think that will be called "Job Security"

    Winged
     
    winged, Feb 16, 2005
    #5
  6. Jay Calvert

    Moe Trin Guest

    In article <>, donnie wrote:

    >On Tue, 15 Feb 2005 22:39:10 GMT, "Colin B."
    ><> wrote:
    >
    >>> Any security patches yet?

    >>
    >>It's only going to be available as a beta by mid-summer apparently. I
    >>wouldn't count on any critical patches until at least April.

    >#####################
    >I think he meant that as a joke.


    Scanning Bugtraq for a while seems to indicate that they are unlikely
    to get patches out that quickly - unless that is April of 2006, and even
    that assumes they get the product in service in the next 8 months or so
    which is probably pushing it.

    Old guy
     
    Moe Trin, Feb 16, 2005
    #6
  7. Jay Calvert

    winged Guest

    Moe Trin wrote:
    > In article <>, donnie wrote:
    >
    >
    >>On Tue, 15 Feb 2005 22:39:10 GMT, "Colin B."
    >><> wrote:
    >>
    >>
    >>>>Any security patches yet?
    >>>
    >>>It's only going to be available as a beta by mid-summer apparently. I
    >>>wouldn't count on any critical patches until at least April.

    >>
    >>#####################
    >>I think he meant that as a joke.

    >
    >
    > Scanning Bugtraq for a while seems to indicate that they are unlikely
    > to get patches out that quickly - unless that is April of 2006, and even
    > that assumes they get the product in service in the next 8 months or so
    > which is probably pushing it.
    >
    > Old guy


    Very good point Old guy!

    Found this article interesting:

    http://news.zdnet.com/2100-9588_22-5577263.html

    Microsoft could make no better decision than to truly isolate the
    browser from the OS. I look forward to the Beta. I am curious to see
    how this decision impacts their .NET initiatives.

    Next question I guess will be since it will be (reportedly) split from
    the OS, is what will this cost. First intelligent move I have seen out
    of Redmond lately. MS might actually be able to create a good browser
    if they dump the world domination plans and focus on the software and
    the standards.

    Shucks they prolly only charge us 50$ a seat additional now for the new
    piece of software.......

    Sure hope they dump the bubble wrap interface, XP and 2003 Bubble wrap
    schemes while different, I am not convinced are an improvement.


    Winged
     
    winged, Feb 17, 2005
    #7
  8. Jay Calvert

    Moe Trin Guest

    In article <cv0v5f$>, winged wrote:

    >Found this article interesting:
    >
    >http://news.zdnet.com/2100-9588_22-5577263.html


    In announcing the plan, Gates acknowledged something that many outside
    the company had been arguing for some time--that the browser itself has
    become a security risk.

    "Browsing is definitely a point of vulnerability," Gates said.

    The reason the browser is a risk is that it has features out the whazoo,
    most of which serve no useful purpose other than an avenue to exploit.
    The combination of clueless users who don't want to read a manual or
    help screen to configure things, and an overly helpful (don't worry, we'll
    enable everything for you) set of defaults is a recipe for disaster. But
    other browsers don't have this problem.

    >Microsoft could make no better decision than to truly isolate the
    >browser from the OS. I look forward to the Beta. I am curious to see
    >how this decision impacts their .NET initiatives.


    Well, they sorta did with 'IE for Unix' back before DOJ got on their case.
    But it was a dog and (quoting someone else) "Solaris IE resembled a well
    written Unix application in the same way that a fish resembles a 1961
    Pontiac Bonneville 2-door hardtop." The Unix mode of operation is that
    'root' (the administrator account) is used rarely, and with exceptional
    care and ONLY when doing maintenance on the system. The normal users don't
    have permission to do anything to the hardware or operating system - as if
    they are in a different world from that.

    >Next question I guess will be since it will be (reportedly) split from
    >the OS, is what will this cost.


    Per seat? Per year? ;-)

    >First intelligent move I have seen out of Redmond lately. MS might
    >actually be able to create a good browser if they dump the world domination
    >plans and focus on the software and the standards.


    I think you're asking the impossible. Heck, they don't even follow their
    own standards (see RFC2433 and RFC2759 - the microsoft "standards" for
    dialin authentication), never mind national or international standards.

    >Shucks they prolly only charge us 50$ a seat additional now for the new
    >piece of software.......


    I dunno - how much did you pay for Mozilla?

    "I think it's a response to both the delay of Longhorn and the challenge
    of Firefox

    Reminds me of the announcement

    Redmond, WA (AP) -- Microsoft announced today that the official
    release date for the new operating system "Windows 2000" will be
    delayed until the second quarter of 1901.

    Old guy
     
    Moe Trin, Feb 17, 2005
    #8
  9. Jay Calvert

    andy smart Guest

    Moe Trin wrote:
    > In article <cv0v5f$>, winged wrote:
    >
    >
    >>Found this article interesting:
    >>
    >>http://news.zdnet.com/2100-9588_22-5577263.html

    >
    >
    > In announcing the plan, Gates acknowledged something that many outside
    > the company had been arguing for some time--that the browser itself has
    > become a security risk.
    >
    > "Browsing is definitely a point of vulnerability," Gates said.
    >
    > The reason the browser is a risk is that it has features out the whazoo,
    > most of which serve no useful purpose other than an avenue to exploit.
    > The combination of clueless users who don't want to read a manual or
    > help screen to configure things, and an overly helpful (don't worry, we'll
    > enable everything for you) set of defaults is a recipe for disaster. But
    > other browsers don't have this problem.
    >
    >
    >>Microsoft could make no better decision than to truly isolate the
    >>browser from the OS. I look forward to the Beta. I am curious to see
    >>how this decision impacts their .NET initiatives.

    >
    >
    > Well, they sorta did with 'IE for Unix' back before DOJ got on their case.
    > But it was a dog and (quoting someone else) "Solaris IE resembled a well
    > written Unix application in the same way that a fish resembles a 1961
    > Pontiac Bonneville 2-door hardtop." The Unix mode of operation is that
    > 'root' (the administrator account) is used rarely, and with exceptional
    > care and ONLY when doing maintenance on the system. The normal users don't
    > have permission to do anything to the hardware or operating system - as if
    > they are in a different world from that.
    >
    >
    >>Next question I guess will be since it will be (reportedly) split from
    >>the OS, is what will this cost.

    >
    >
    > Per seat? Per year? ;-)
    >
    >
    >>First intelligent move I have seen out of Redmond lately. MS might
    >>actually be able to create a good browser if they dump the world domination
    >>plans and focus on the software and the standards.

    >
    >
    > I think you're asking the impossible. Heck, they don't even follow their
    > own standards (see RFC2433 and RFC2759 - the microsoft "standards" for
    > dialin authentication), never mind national or international standards.
    >
    >
    >>Shucks they prolly only charge us 50$ a seat additional now for the new
    >>piece of software.......

    >
    >
    > I dunno - how much did you pay for Mozilla?
    >
    > "I think it's a response to both the delay of Longhorn and the challenge
    > of Firefox
    >
    > Reminds me of the announcement
    >
    > Redmond, WA (AP) -- Microsoft announced today that the official
    > release date for the new operating system "Windows 2000" will be
    > delayed until the second quarter of 1901.
    >
    > Old guy
    >

    Does anybody still use Internet Explorer?
    :)
     
    andy smart, Feb 18, 2005
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.

Share This Page