The IE problem has been around for at least five years and could allow an attacker to intercept credit card and/or personl data when a user is making a purchase. Konqueror also had the same problem, but Waldo Bastian fixed the problem 95 minutes after it was reported. You can get the fixed Konqueror version from the KDE CVS, or if you wait for KDE 3.03 next week. Read about the IE flaw at ZDNews.
‘Serious Flaw’ Found in Internet Explorer
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
reminds me of a guy who was saying something like “I wouldn’t trust Mozilla for BeOS with any personal data” in favor of IE in a discussion here a while back. This should be enough to make him think again
I am amazed how fast some of the opensource projects are to come out with fixes for serious issues. It shows that they care about what they do.
I know I would do the same thing.
And yes I know that Microsoft has to go through a process of testing before they can release any patch. But they are still too slow in my opinion.
well, if MS had their way, you would not even know about the bug, until it was fixed
which, IMO, is a LOT worse.
and if no one know about it. why fix it?
According to reports elsewhere, Opera read the reports about the IE/Konqueror bug, checked the exploit on their own product, and found out they had the bug, too.
Of course, they’ve already fixed it and released an update.
Forgot to make my point, which is this: apparently, the only thing faster than a motivated programmer with their priorities straight is a company with motivated programmers who have their priorities straight.
>>>Konqueror also had the same problem, but Waldo Bastian fixed the problem 95 minutes after it was reported.
But nobody asked KDE how long they had the security problem in the first place.
how does it matter?
the only thing that matters to me is how fast the bug gets fixed after they have been reported.
of course, the ideal would be to have 100% bugfree software every point release. but that’s not realistic.
What? :O
A ‘Serious Flaw’ Found in Internet Explorer – A serious flaw found in a Microsoft product :O
I refuse to believe it :rolleyes:
does mozilla have this problem?
No, Mozilla is not concerned.
Another reason why it really rocks!!!
i hope the KDE people make a patch for older versions of KDE/Konqueror as i prefer to keep using KDE-2.1.1 that is included with Redhat-7.1
http://www.pivx.com/larholm/unpatched/
IE and Windoze needs more than a patch…
If you want real security than make your online transactions with a text mode web browser.
Linux is a toy OS for irresponsible kids. That’s why Konqueror was fixed in 95 min. It was a child’s play… 😉
Windows, OTOH, is a professional and serious system. So it has serious flaws that you get after paying serious amounts of money or seriously restricting your OS options.
/* end joking mode */
Now, seriously, thanks Waldo for being there everytime you were needed. Maybe you do this just for the kicks and not because of anyone… but thanks, nonetheless. KDE rulz.
…to change my “name”.
“Anyone” was nice at start but causes some confusion.
>>>how does it matter?
>>>the only thing that matters to me is how fast the bug gets fixed after they have been reported.
>>>of course, the ideal would be to have 100% bugfree software every point release. but that’s not realistic.
I asked because the article mentioned that IE had this vulnerability for 5 years, but didn’t mention how long KDE had this problem.
With respect to 95 minutes, it worries me that the KDE patch was done in such a short time too. Maybe the patch could produce secondary security vulnerabilities also because it wasn’t fully regression tested.
“I am amazed how fast some of the opensource projects are to come out with fixes for serious issues. It shows that they care about what they do. ”
AKA pride.
Can’t we just have an acronym for when this is discovered?
YASFIIE ?????? Anybody?
Does OSnews pick up Slashdot headlines? It was 95 minutes between the story was posted on Slashdot and the fix was available. It was known 6 days before the fix to KDE but with the kssl author on vacation not treated until 2 days before the fix.
KDE 2.1 on Red Hat 7.1 hat no SSL certificate management. But it will be interesting to see if Red Hat ships security updates for Red Hat 7.2/7.3.
We should know what (discovered) security vulnerabilities the software we use has, so we know how much to trust them. In a lot of cases, there are many alternative.
If Big Software had there way, we would never know about the vulnerability. Now I can just (continue to) use Mozilla instead.
If Big Software had there way, we would never know about the vulnerability. Now I can just (continue to) use Mozilla instead.
——————
Good lawd. The more I use Mozilla the more I’m hooked on it.
Image Manager is my favourite feature. The ability to ban ad servers and graphics on a site and having it remember it each visit to the site is just brilliant
The rest of the features are just icing on the cake.
Now if only some of Opera’s better features were integrated, or Moz’s features integrated into Opera, for the best of both worlds. IE truly sucketh next to these offerings