chofmann's weblog

I love their "mitigating factors" section:

In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site.

I feel so much safer.

Although... I can't remember the last time I ever saw a .WMF or .EMF file. I wonder if IE will actually render them, or just offer to download?

There is a non-working link in
June 17, 2004
More data on user having problems with their browsing experience

I assume you ment this one:
http://news.com.com/Spying+on+spyware/2100-1001_3-5236735.html

Another fine reading:
http://news.com.com/Spying+on+the+spyware+makers/2008-1012_3-5694455.html

The way I understand the issue, it is not a flaw in Internet Explorer, but a flaw in a component that may be used by Internet Explorer. Think of it like a flaw in libpr0n. libpr0n is a shared library so it could affect more than Mozilla Firefox.

> I wonder why Microsoft doesn't call this security vulerability an IE bug?

Because this security vulnerability is not an IE bug, but a bug in a shared system library instead?

IE is _affected_ by this bug, among others.

I think it is also a vulnerability of IE.

Remember Secunia Advisory SA12232 which was about libpng:
http://secunia.com/advisories/12232/
http://secunia.com/advisories/12219/

> libpr0n is a shared library so it could affect more than Mozilla Firefox.

Exactly, when mozilla has a bug in libpr0n, we report it as a bug in firefox, thunderbird and the mozilla suite to keep users informed.

> Because this security vulnerability is not an IE bug, but a bug in a shared system library instead?

The greatest impact of this bug is in IE. Microsoft mentioned how the bug may affect Outlook users bug failed to mention Internet Explorer by name a single time in the lengthy discription of the problem.

In the last 6 months the press has begun to us the total number of reported vulerabilities as a key metric to report on the security of products. The value of this is questionable when the critcality of vulerabilities, the number of known exploits running in the wild, the speed at which vulerabilities and exploits are fixed are much better metrics; but the fact is that the press is using total vulerabilites in their reporting.

Calling this bug a "windows shared graphics library" bug plays into the hands of reporters that want to write the simplistic stories about IE has fewer security bugs than Firefox, Safari and others...

http://www.microsoft.com/technet/security/Bulletin/MS05-026.mspx
is another example when Microsoft obsured the connection between this "system library" problem and Internet Explorer. If I don't use IE I cut off the primary attack vector for this vulerability and known set of exploits that are running in the wild.

I agree that M$ should say that bugs like these affect IE primarily, but I think it's possible, tho unlikely, to affect other users. Say I decide for some reason (it's happened before) use Irfanview to open an image I found on the web. I might copy the img url (I've still to learn to use Copy Image) and paste it into the Open dialog of IrfanView. In Windows, this works but will prolly leave me open also to any such bugs.

You know that is my question as well is why this was not reported as an IE Bug. Anyways heard it was fixed but can verify that anywhere either any updates?

I think Mozilla Firefox the most reliable on safety a browser... But ideal programs does not exist. Hackers find all new vulnerability. We programmers should work above it.

horses... dream of my life

Horse is the best animal all over the world.

As for the Giants, their own happiness was short-lived as they lost to - who else?