Robert McLaws: Windows Edition

Blogging about Windows since before Vista became a bad word

Secunia and Irresponsibility

You know, the IE Spoofing "bug" is getting a lot of press today. I find it interesting that IE7 has been in beta for a really long time, and they pick 4 days after it's released to bring it to light. They had more than enough time to report it to Microsoft before RTM... it's not like they don't have an open line of communication directly with the IE team. Could it be that Secunia had something to gain from keeping it quiet until after RTM? Sure seems like it from here in the cheap seats.

BUT, it's also important to note that this issue does not occur on Windows Vista. I'm running RC2 (without UAC, as you can see) and the "flaw" doesn't happen. A screenshot from their test page is below.

So, if you're on XPSP2 and use pop-ups, make sure you right-click on pages and select "Properties" to make sure you're where you're supposed to be.


Comments

  • Hello everyone. I have been analyzing some posts and comments in general about this "vulnerability".

    October 26, 2006 6:04 AM
  • wilsone8 said:

    Or...and I know this is a naive thought....they just discovered the bug 4 days after IE 7 shipped.  

    October 26, 2006 12:34 PM
  • <blockquote>Could it be that Secunia had something to gain from keeping it quiet until after RTM? Sure seems like it from here in the cheap seats.</blockquote>

    Yeah, it's called traffic. Everyone does it: you release news when it causes sensation. They call it journalism, and it'll never change. Nothing wrong with it, it may not be the most noble thing, but it's certainly not illegal and doesn't point to under-the-table dealings with Firefox or whatnot.

    October 26, 2006 1:04 PM
  • So wouldn't a security company be more interested in making computers secure than in generating traffic?

    October 26, 2006 2:00 PM
  • futurix said:

    I ran the demonstration on XP SP2 (unpatched) with IE7 (final) and it did not work. I see the same address in the URL as in your Vista screenshot. Something fishy here!

    October 26, 2006 5:21 PM
  • Secunia continues to prove that it's more interested in staying in the news than it is in making sure

    October 30, 2006 2:42 PM