Re: Where is the IE zero day exploit in the news...



Imhotep <imhotep@xxxxxxxxxx> wrote in
news:59idnQa7aIKu7gvenZ2dnUVZ_t-dnZ2d@xxxxxxxxxxxx:

> I do not see warning people about a seriously critical security hole as
> being trivial. Tell that to the people that lose their credit card info
> (or whatever)....I am sure they would love to hear you explaination
> about how "trivial" it is...

While the potential for harm is there the fact is that it hasn't been
exploited and even it it were it's unlikely anyones credit card number
would be obtained.

Besides if you following Microsoft's advice and set the security on the
Internet zone to High you are not vulnerable:

http://www.microsoft.com/athome/security/online/browsing_safety.mspx

> However, it is strange that Firefox gets press for a trivial IDN
> security issue and IE gets none for a browser remote code execution
> security issue. Don't you think that is a little strange?

Firefox got market share by claiming it was 'more secure' than IE and thus
attracts more attention when it's found to be vulnerable. It's interesting
that Firefox is now downplaying the security angle in favor of a 'better
web experience'.

> It has been how long now 2 weeks and not a peep on any of the popular
> web sites....Yet the media loves to sensationalize things...still not a
> peep...

Obviously Microsoft has payed off all the major media providers;-)

> Sorry but I think their is a little political (marketing) pressure
> here....

I bet you haven't heard anything about a similar (buffer overflow could
lead to remote code exexcution) bug in Firefox 1.5 that's been around for
about a week now.

https://bugzilla.mozilla.org/show_bug.cgi?id=319004
http://packetstormsecurity.org/0512-exploits/firefox-1.5-buffer-overflow.txt

Perhaps computer security vulnerabilities are getting to be so commonplace
that the media can't be bothered to report them anymore?
.