-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Security gone awry: IE 8 XSS filter exposes sites to XSS attacks
,----[ Quote ]
| The cross-site scripting filter that ships
| with Microsoft's Internet Explorer 8
| browser can be abused by attackers to
| launch cross-site scripting attacks on
| websites and web pages that would otherwise
| be immune to this threat.
|
| According to a presentation at this year's
| Black Hat Europe conference, the issue
| introduces security problems at several
| high-profile websites, including
| Microsoft's own Bing.com (screenshot),
| Google.com, Wikipedia.org, Twitter.com
| (screenshot) and just about any site that
| lets IE 8 users create profiles.
`----
http://www.howtogeek.com/howto/15037/use-an-ubuntu-live-cd-to-securely-wipe-your-pcs-hard-drive/
IE8's XSS Filter Exposes Sites To XSS Attacks
http://tech.slashdot.org/story/10/04/20/0023238/IE8s-XSS-Filter-Exposes-Sites-To-XSS-Attacks
Do You Trust Microsoft To Auto Fix Anything?
,----[ Quote ]
| I saw this promo piece in the BBC about the
| launch of Microsoft's new Fix-it service
| and a few things spring to mind. The first
| is that Microsoft have a long track record
| of causing more problems than they fix when
| applying updates. They set Windows to
| download and apply all critical updates
| without user intervention. So when a user
| goes to shut down their PC they have no
| idea if they have to hang around for 15
| mins so that Windows can apply its updates
| or not. Similarly they have no idea if
| those updates will cause a problem when
| they next start up their PC.
|
| The second is that Microsoft have a history
| of abusing the term "critical" and slipping
| in programs like the Orwellian titled WGA
| (Windows Genuine Advantage). This was
| apparently a feature a large number of
| their customers were screaming out for and
| Microsoft being a listening, concerned
| company felt they had no choice but to
| provide; if you believe Microsoft's PR
| about it. WGA checks regularly if the copy
| of Windows it's running on is licensed or
| unlicensed. If it deems that install of
| Windows to be unlicensed it causes no end
| of hassle for the user by disabling
| services, rebooting, nagware messages about
| "please contact Microsoft to buy a Windows
| product key". It's no advantage to
| customers, only to Microsoft. Yet this has
| been defined by Microsoft as a "critical"
| update. To me "critical" means "your PC is
| at immediate risk without this update".
`----
http://thistleweb.co.uk/blog/19/04/2010/do-you-trust-microsoft-auto-fix-anything
Recent:
Microsoft Removes Projectile-vomiting IE8 Ad From Web
,----[ Quote ]
| An online ad for Internet Explorer 8 that showed a woman projectile vomiting
| has left such a bad taste in viewers' mouths that Microsoft has decided to
| remove it.
`----
http://www.pcworld.com/businesscenter/article/167795/microsoft_removes_projectilevomiting_ie8_ad_from_web.html
IE8's "Get the Facts" Marketing Gets It Wrong
,----[ Quote ]
| But this comparison table treats me like a moron, especially when you
| consider that I'm using Firefox and have pre-existing views on many items on
| the comparison table. Only IE8 gets a check for security, privacy, and ease
| of use? Really? At a minimum, Microsoft should have used Harvey Balls to show
| that the competitors have capabilities, which may not be as strong as IE8.
| Microsoft could have posted videos that show how easy it is to carry out a
| common task in IE8 and compare it to Firefox with the relevant add-on
| installed.
`----
http://www.pcworld.com/article/167137/ie8s_get_the_facts_marketing_gets_it_wrong.html
Microsoft IE8 Hype Is Beyond Belief
,----[ Quote ]
| Internet Explorer 8 is a very good browser, especially when compared to IE7
| and (ugh) IE6. However, it still lags behind most of the other browsers in
| both performance and standards compliance. That doesn't seem to bother
| Microsoft, which has been pushing IE8 using hype that they rarely use even
| for Windows or Office.
|
| [...]
|
| There is no way that Microsoft can claim anything close to parity with
| standards compliance of the other major browsers. For example, IE8 retains a
| non-standard event model that does not get anywhere close to the W3C standard
| published in 2000. Just a few examples: Form elements don't bubble events.
| There is a global event object instead of an event argument passed to the
| handler. Rather than document.addEventListener, IE uses the non-standard
| document.attachEvent method.
`----
http://www.informationweek.com/blog/main/archives/2009/06/microsoft_ie8_h.html;jsessionid=QU4MDQ0GLWPRGQSNDLOSKHSCJUNN2JVN
Thinking about upgrading to IE8? Think twice
,----[ Quote ]
| For example: One day last month Cringester D. L. discovered when he logged
| onto the Net, he couldn't get to his e-mail or view Web pages. He then
| enjoyed several quality hours on the phone with Dell tech support, which
| determined the cause: His daughter had clicked a button and updated the
| browser to IE8 without telling him. The support tech logged onto his computer
| remotely and downgraded it to IE7. Problems solved.
`----
http://www.infoworld.com/d/adventures-in-it/thinking-about-upgrading-ie8-think-twice-326
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkvNqN8ACgkQU4xAY3RXLo4AwgCfalSduhUgxt+cVcAmUJc1ry9I
p6sAoKVpq8e1PUajEsGQd/80c1659f2Q
=+lcb
-----END PGP SIGNATURE-----