Linked by Thom Holwerda on Mon 18th Jan 2010 22:00 UTC
Internet Explorer Ah, the security vulnerability that was used in the Google attack. It's been around the internet about a million times now, and even governments have started advising people to move away from Internet Explorer. As is usually the case, however, the internet has really blown the vulnerability out of proportion. I'll get right to it: if your machine and/or network has been compromised via this vulnerability, then you most likely had it coming. No sympathy for you.
Thread beginning with comment 404838
To view parent comment, click here.
To read all comments associated with this story, please click here.
Bryan
Member since:
2005-07-11

I doubt it's that simple. Keep in mind the underlying flaw is present in all prevalent versions of IE, including IE8 which, no doubt, have been threat modeled, reviewed for security flaws, and analyzed and compiled with the latest tools. Historically, Microsoft has published post-mortems for notable exploits that describe why exactly those mechanisms proved insufficient (e.g., [1]), and hopefully they'll publish one for this flaw as well. Until we have information on what the flaw looked like from their end (ideally with the relevant source snippets), it's premature to simply attribute it to incompetence or apathy.

[1] http://blogs.msdn.com/sdl/archive/2009/07/28/atl-ms09-035-and-the-s...

Reply Parent Score: 1