Robert McLaws: Windows Edition

Blogging about Windows since before Vista became a bad word

Secunia and Irresponsibility

You know, the IE Spoofing "bug" is getting a lot of press today. You know, I find it interesting that IE7 has been in beta for a really long time, and they pick 4 days after it's released to bring it to light. They had more than enough time to report it to Microsoft before RTM... it's not like they don't have an open line of communication directly with the IE team. Could it be that Secunia had something to gain from keeping it quiet until after RTM? Sure seems like it from here in the cheap seats.

BUT, it's also important to note that this issue does not occur on Windows Vista. I'm running RC2 (without UAC, as you can see) and the "flaw" doesn't happen. A screenshot from their test page is below.

So, if you're on XPSP2 and use pop-ups, make sure you right-click on pages and select "Properties" to make sure you're where you're supposed to be.

Posted on Oct 25 2006, 11:00 PM by Robert McLaws
PostTypeIcon
14,191 Views

Comments

  • Guillermo Taylor @ Microsoft said:

    Hola a todos. He estado analizando algunos posts y comentarios en general sobre esta "vulnerabilidad".

    October 26, 2006 6:04 AM
  • wilsone8 said:

    Or...and I know this is a naive thought....they just discovered the bug 4 days after IE 7 shipped.  

    October 26, 2006 12:34 PM
  • Computer Guru said:

    <blockquote>Could it be that Secunia had something to gain from keeping it quiet until after RTM? Sure seems like it from here in the cheap seats.</blockquote>

    Yeah, it's called traffic. Everyone does it: you release news when it causes sensation. They call it journalism, and it'll never change. Nothing wrong with it, it may not be the most noble thing, but it's certainly ot illegal and doesn't point to under-the-table dealings with Firefox or whatnot.

    October 26, 2006 1:04 PM
  • Robert McLaws said:

    So wouldn't a security company be more interested in making computers secure than in generating traffic?

    October 26, 2006 2:00 PM
  • futurix said:

    I ran the demonstration on XP SP2 (unpatched) with IE7 (final) and it did not work. I see same address in URL as in your Vista screenshot. Something fishy here!

    October 26, 2006 5:21 PM
  • Robert McLaws: Windows Vista Edition said:

    Secunia continues to prove that it's more interested in staying in the news than it is in making sure

    October 30, 2006 2:42 PM

This Blog

Syndication

Recent Posts

Tags

My Other Blogs

Archives