First IE critical security flaw discovered after XP SP2

  • nektar

    A security firm has reported over the weekend a newly discovered highly critical flaw that affects most versions of Internet Explorer, even Windows XP with Service Pack 2. Microsoft says that the issue is not easy to exploit but according to some security analysts this is not true as an attacker can easily make a page where just using the scrollbar could potentially place an executable in your startup folder.
    Look at:
    http://www.informationweek.com/story/showArticle.jhtml?articleID=29116685
    and
    http://www.winnetmag.com/windowspaulthurrott/Article/ArticleID/43739/windowspaulthurrott_43739.html
    Can we have an official response from Microsoft? Perhaps here in Channel9. Where is Stepto?

  • yale

    Some security analysts just try to earn credits for rubbish, much ado about nothing. Users also can download and run any malicious code on their own - what a critical security flaw! Or they can do Ctrl+A and Shift+Del over their "My Documents" in Explorer - what a heck of a vulnerability! There are a lot of junk subjects some "security analysts" may publish advisories about.

  • nektar

    However, this one seems to be at least important. It seems that an attacker can design a webpage on which a user can inadvertently drag and drop an exe file into his startup folder just by using the ordinary scrollbar on that page. I cannot be sure but that appears to be serious enough for me.

  • Charles

    nektar wrote:
    It seems that an attacker can design a webpage on which a user can inadvertently drag and drop an exe file into his startup folder just by using the ordinary scrollbar on that page.


    Are you sure about that?

    Charles

  • Manip

    Charles wrote:
    nektar wrote: It seems that an attacker can design a webpage on which a user can inadvertently drag and drop an exe file into his startup folder just by using the ordinary scrollbar on that page.


    Are you sure about that?

    Charles


    I'm sure.

  • Keskos

    Manip wrote:
    Charles wrote:
    nektar wrote: It seems that an attacker can design a webpage on which a user can inadvertently drag and drop an exe file into his startup folder just by using the ordinary scrollbar on that page.


    Are you sure about that?

    Charles


    I'm sure.


    You are sure as in you are sure about Apache's license, or you are sure as in ......... like you are sure about your name? Smiley

  • Manip

    Keskos wrote:
    You are sure as in you are sure about Apache's license, or you are sure as in ......... like you are sure about your name? Smiley


    I'm sure as in I'm sure you're a little troll.

  • Keskos

    Manip wrote:
    Keskos wrote: You are sure as in you are sure about Apache's license, or you are sure as in ......... like you are sure about your name? Smiley


    I'm sure as in I'm sure you're a little troll.


    Respect please. If you can't handle a joke then don't post.

  • Manip

    Keskos wrote:
    Respect please. If you can't handle a joke then don't post.


    That was not a joke, it was a personal attack. What does Apache/GPL have to do with this topic even remotely and why is it funny to bring it up?

    I don't find it funny.

  • Cider

    To be fair, Manip, he did use a smiley and I saw the comment in the way it was intended.  The only person getting involved in the personal attacks here is yourself.

  • Charles

    Yes, please be respectful everybody. There's nothing wrong with a little sportsmanship, but I think there is still some bad blood between certain niners based on past threads. This will change over time. Let's all try and be sensitive to the differences in perceptions of what constitutes an attack. Even in jest, people can be offended. It's best to just not even joke about sensitive issues. Sensitivity is relative.

    EDIT: Removed question.


    Charles

  • Keskos

    Charles wrote:
    Yes, please be respectful everybody. There's nothing wrong with a little sportsmanship, but I think there is still some bad blood between certain niners based on past threads. This will change over time. Let's all try and be sensitive to the differences in perceptions of what constitutes an attack. Even in jest, people can be offended. It's best to just not even joke about sensitive issues. Sensitivity is relative.

    EDIT: Removed question.


    Charles


    What's the sensitive issue here? The fact that Manip at one point got Apache's license wrong? Are we barred from mentioning that in this context? He was also sure about that one, so I jokingly asked how sure he is about this one. What's wrong with this question? How can someone call that a personal attack is beyond me even with all the relativity theory. 

    How about dealing with some real personal attacks from eagle.

    "A chap like kestos will cheat, because he knows he can.


    Jamie will be polling us on a name for his goldfish...

    ...but you will cheat (you just did) it's the only way you know...

    That's not a flame, just a fact. I posted three hours after he did, he jumped on my post in seven minutes.

    He uses several identities here on channel9 so he can have conversations with himself. 

    No one on channel9 is as disrespectful as himself.
    "

  • jamie

    huh? My Goldfish are named Bill and Steve

    * were you talking to me? you.. i thought you .. you talking to me? </denero>

    If you were.. i have one account

    im the real jamie all you other lame jamies are just imitating Wink

  • Manip

    Keskos wrote:

    What's the sensitive issue here? The fact that Manip at one point got Apache's license wrong? Are we barred from mentioning that in this context? He was also sure about that one, so I jokingly asked how sure he is about this one. What's wrong with this question? How can someone call that a personal attack is beyond me even with all the relativity theory. 


    What does apache/GPL have to do with this topic?

    It wasn't a joke, it was an attack hidden within a joke.
    Just like racist attacks are hidden within racist jokes. We don't accept racist jokes, do we?

    And to be clear, you're barred from mentioning people's past mistakes in ANY context
    unless that is the topic or it is absolutely necessary.
    I'm not talking about C9, I am talking about life.

    In general I find most of what you say offensive/rude and you just LOVE to pick at people.
    Maybe it is just my local culture and the way I perceive things but that is the way it is.

  • Cider

    Jamie,

    Is that named after Gates and Ballmer, Gates and Jobs or maybe even 80s legends Bill Cosby and Steve Guttenberg?

    To explain some of the edits and deletions above, I'm not absolutely sure why Charles deleted his question but I asked for my reply to be deleted because I put some extra information about this flaw in, and, personally, I do not believe that the flaw exposees (or whatever you call these anal people who find security bugs) used "responsible disclosure" and merely waited for SP2 to be released so they could be "w00t l33t haX0rs".

    For what it's worth, Keskos, I did defend your joke in this thread because, well, I'm British, and our sense of humour tends to be based upon attacking, piss taking and the like.  Also, I don't think Charles was having a go at you at all, but merely trying to pour oil on the water to make everyone calm down.

  • jamie

    Gates and Jobs

    I had a lobster named after Ballmer once - but he kept jumping out of the tank:  Crustaceans! Crustaceans! Crustaceans!

  • Cider

    Oh, Manip, catch yourself on.

    He made a joke which, actually, did have something to do with this topic.  You did make a mistake before and he (very very gently, actually) ribbed you about it because you were making a statement about how sure you are now and he was challenging that.  It was hardly threatening and certainly trying to say "you making a comment about Apache is like a racist joke" just makes you look stoopid.

    For crying out loud, lighten up, and stop being such a sensitive little petal.

    Smiley

  • Charles

    OK. All that I meant was we just need to remember to be respectful (I'm starting to sound like a broken record. I'm starting to sound like a broken record. I'm starting to sound like a broken record.) Smiley

    "Troll" is an insult as far as we're concerned, so please stop calling people trolls. Let's change the vector of this thread back to the original topic and move on from the personal attack debate. It's simple. Before we hit post, let's make sure that we don't say something that belittles or humiliates or in any way puts somebody down. What good does it do to get personal in any way when putting forth an argument or supporting a specific position in a debate?

    Keep on posting!

    Charles 
