Re: Where is the notificiation about IE zero day vulnerablity?

From: fluidly unsure (dripping_at_mailinator.com)
Date: 11/28/05 

Date: Mon, 28 Nov 2005 07:51:11 GMT

Imhotep wrote:
> Shenan Stanley wrote:
>
>
>>Imhotep wrote:
>>
>>>When Firefox's IDN security flaw came out, there were articles all
>>>over the popular web sites (CNN, MSNBC, Yahoo, etc). Now, there was
>>>a zero day fix (really a work around more than a fix) that
>>>protected your Firefox web client. This was about 8 months or so
>>>ago.
>>>
>>>Now, 7 days ago, someone posted proof of concept code illustrating
>>>how you can do a remote code execution attack against IE from any
>>>web site.
>>>
>>>Now, my question is a simple one. Why have none, as of today, of
>>>the popular web site written a thing about it. It is much more
>>>serious. The code is all over the 'net and it can be run from any
>>>web server. In short, this is a serious a security hole as there
>>>can be. So why no press????
>>>
>>>Reference articles:
>>>http://yahoo.pcworld.com/yahoo/article/0,aid,122678,00.asp
>>
>>FireFox was the sensational *new* (to the unknowing public) way of
>>protecting yourself against the dangers of the web. Everyone was talking
>>about how it was poised to be the one browser to finally beat Microsoft at
>>its own game. It was the hot-topic, the news-flashable item in
>>technology. It was because it was the "hot-button" topic it was (Firefox,
>>not the exploit) that the exploit was covered.

[snip]
> So you are saying that it got coverage because the news agencies were trying
> to shoot down the browser, with respect to it's perceived security status?
> Here is my problem with that. That is something that Microsoft or Firefox
> (mozilla foundation) cares about (Shooting down a preception) not a news
> agency...after all why would Yahoo, CNN or MSNBC care which browser was
> perceived at being more secure. Even if they did, why would they want to
> "shoot down" either of the the browsers? Seems to political in nature....

"Shoot down the browser"? I don't see that being done here. But many FF
fans made it sound like IE had already been shot down. The ghost
continues to live and the press is focusing on it's would-be assassin.

"Why would they care"? They care because their audience cares. I
couldn't count how many times I've been asked which browser was safer.
Even more than "which AV is better".

Political? Yes but as long as humans are running things, we will never
be able to get around this. 

-- 
Liquid